Trojaner-Board


floppy 13.08.2009 20:42

Google opens wrong pages
 
Hello everyone!

I have had a problem with my PC for about 2 weeks! When I am on Google and search for some topic, the search results open quite normally at first. But when I then want to click on one of the search results, I am redirected to other pages. Mostly to Yahoo!!! But sometimes somewhere completely different. I have already run Antivir, CCleaner and TuneUp, but they found nothing.
I have already read a few posts on this topic here in the forum, and they are not very promising. So I am asking you to take a look at my log file before I "reinstall" my computer, to see whether there might be another solution.
Many thanks in advance!!

Here is my data

Logfile of HijackThis v1.99.1
Scan saved at 20:48:18, on 13.08.2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Florian Bark\pruefung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6355A4BC-332B-412C-9B31-FD8D63181990}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A743870-C13F-4C36-A49F-661C5E21FF8A}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS10\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS20\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS20\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9e850e435bec8) (gupdate1c9e850e435bec8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

4RobSen8 13.08.2009 21:01

Hello... and :hallo:


You have a redirection. You can see this from the following entries -> O17
Normally your Internet provider is listed there.
Code:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
The entries can be traced back to Odessa.

Code:

(Cached data from Saturday , 3 January 2009 01:01)

85.255.112.171 = [ ]

(Asked whois.ripe.net:43 about 85.255.112.171)

 inetnum:        85.255.112.0 - 85.255.127.255
 netname:        UkrTeleGroup
 descr:          UkrTeleGroup Ltd.
 admin-c:        UA481-RIPE
 tech-c:          UA481-RIPE
 country:        UA
 org:            ORG-UL25-RIPE
 status:        ASSIGNED PI
 mnt-by:          RIPE-NCC-HM-PI-MNT
 mnt-lower:      RIPE-NCC-HM-PI-MNT
 mnt-by:          UKRTELE-MNT
 mnt-routes:      UKRTELE-MNT
 mnt-domains:    UKRTELE-MNT
 source:        RIPE  Filtered
 organisation:  ORG-UL25-RIPE
 org-name:      UkrTeleGroup Ltd.
 org-type:      LIR
 address:        UkrTeleGroup Ltd.
                Mechnikova 58/5
                65029 Odessa
                Ukraine
 phone:          380487311011
 fax-no:        380487502499
 mnt-ref:        UKRTELE-MNT
 mnt-ref:        RIPE-NCC-HM-MNT
 mnt-by:          RIPE-NCC-HM-MNT
 source:        RIPE  Filtered
 person:        Andrew Sotov
 address:        Mechnikova 58/5 65029 Odessa
 abuse-mailbox:  abuse@ukrtelegroup.com.ua
 
 phone:          380631508855
 nic-hdl:        UA481-RIPE
 source:        RIPE  Filtered

(Asked whois.arin.net:43 about +85.255.112.171)

 OrgName:    RIPE Network Coordination Centre
 OrgID:      RIPE
 Address:    P.O. Box 10096
 City:      Amsterdam
 StateProv:
 PostalCode: 1001EB
 Country:    NL
 ReferralServer: whois://whois.ripe.net:43
 NetRange:  85.0.0.0 - 85.255.255.255
 CIDR:      85.0.0.0/8
 NetName:    85-RIPE
 NetHandle:  NET-85-0-0-0-1
 Parent:
 NetType:    Allocated to RIPE NCC
 NameServer: NS-PRIRIPENET
 NameServer: NS3.NIC.FR
 NameServer: SEC1.APNIC.NET
 NameServer: SEC3.APNIC.NET
 NameServer: SUNIC.SUNET.SE
 NameServer: TINNIE.ARIN.NET
 NameServer: NS.LACNIC.NET
 Comment:    These addresses have been further assigned to users in
 Comment:    the RIPE NCC region. Contact information can be found in
 Comment:    the RIPE database at http://www.ripe.net/whois
 RegDate:    2004-04-01
 Updated:    2004-04-06
  ARIN WHOIS database  last updated 2009-01-02 19:10
  Enter ? for additional hints on searching ARIN's WHOIS database.

I don't think that is your regular Internet provider.^^
So please read the following link carefully and follow it.
http://www.trojaner-board.de/75622-d...ittierung.html
Before reinstalling, please remember to save the instructions somehow in case you only have one computer. So either borrow a friend's laptop or print them out.

Postscript: At least I can tell you that this happens here quite often.
Maybe that cheers you up a little.

Once you have reinstalled your computer, you can drop by the TB again and read the "Anleitungen" (guides) page carefully so that this does not happen again. In particular the link in my signature.
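
The O17 check described in the reply above, as an added example that is not part of the original posts: it pulls every NameServer value out of a HijackThis log, ignores private or loopback resolvers, and flags public ones, marking those that fall inside a network range taken from a whois `inetnum` line. The function names and the `192.168.1.1` sample line are assumptions made for this example; the other sample lines and the range come from the log and whois output in this thread.

```python
import ipaddress
import re

# Constructed sample: three O17 lines copied from the log in this thread plus
# one made-up line with a private (router) address for contrast.
SAMPLE_LOG = r"""
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBF6101-72EA-470F-B215-2DC2D7F0CAD9}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# One O17 line: registry key, then the comma/space separated resolver list.
O17_RE = re.compile(r"^O17 - (HKLM\\\S+): NameServer = (.+)$", re.MULTILINE)


def whois_range_to_networks(inetnum):
    """Turn a whois 'inetnum' value ('a.b.c.d - e.f.g.h') into CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def audit_o17(log_text, suspect_networks=()):
    """Map each public or malformed NameServer value to the keys that set it."""
    findings = {}
    for key, servers in O17_RE.findall(log_text):
        for raw in re.split(r"[,\s]+", servers.strip()):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                entry = findings.setdefault(raw, {"reason": "malformed", "keys": []})
                entry["keys"].append(key)
                continue
            if ip.is_private or ip.is_loopback:
                continue  # router or local resolver, typically handed out by DHCP
            hit = any(ip in net for net in suspect_networks)
            reason = "in suspect range" if hit else "public resolver, verify against ISP"
            findings.setdefault(raw, {"reason": reason, "keys": []})["keys"].append(key)
    return findings


if __name__ == "__main__":
    nets = whois_range_to_networks("85.255.112.0 - 85.255.127.255")
    for ip, info in audit_o17(SAMPLE_LOG, nets).items():
        print(f"{ip}: {info['reason']} ({len(info['keys'])} registry keys)")
```

The same resolver pair appearing under `Parameters` and under every interface GUID and ControlSet is what separates a rewritten DNS configuration from a single manually configured adapter.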

floppy 13.08.2009 21:05

Thanks for the quick reply.. this could be a long night :confused:

