| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner an Bort? Werde falsch verlinkt!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.03.2011, 18:48
| #1 |
| |  Trojaner an Bort? Werde falsch verlinkt! Hallo Community, ich habe seit einigen Tagen das Problem dass ich bei Mozilla Firefox auf falsche Seiten geleitet werde wenn ich einen Link anklicke. Ich habe AntiVir schon x-mal suchen lassen, außerdem hijackthis, cleanup und DatFind. Es wurde vor einigen Tagen was gefunden, habe alles gelöscht und Momentan findet AntiVir nichts mehr. hjackthis: "HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:30:34, on 23.03.2011 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\MagicTune Premium\GammaTray.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\QuickTime\QTTask.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe F:\Download\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=16511 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\steam.exe" -silent O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Dienst-Manager.lnk = C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: GammaTray.exe.lnk = ? O4 - Global Startup: SetPointII.lnk = ? O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: JetDrive WindowsClosingService - Unknown owner - C:\Windows\System32\WindowsClosingService (file missing) O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NlsSrv32.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10519 bytes " dirdat (von den letzten 3 Monaten) : " Datentr„ger in Laufwerk C: ist HDD_0_System Volumeseriennummer: AE7F-A0DA Verzeichnis von c:\ 23.03.2011 18:37 0 dirdat.txt 23.03.2011 17:54 3.220.037.632 hiberfil.sys 28.02.2010 16:59 1.644 RHDSetup.log 19.02.2009 16:38 32 csb.log 19.02.2009 16:36 86 Install.log 5 Datei(en), 3.220.039.394 Bytes 0 Verzeichnis(se), 36.583.550.976 Bytes frei Datentr„ger in Laufwerk C: ist HDD_0_System Volumeseriennummer: AE7F-A0DA Verzeichnis von C:\Windows\system32 23.03.2011 18:02 13.408 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 23.03.2011 18:02 13.408 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 22.03.2011 23:02 125.584 perfc009.dat 22.03.2011 23:02 660.238 perfh009.dat 22.03.2011 23:02 709.668 perfh007.dat 22.03.2011 23:02 155.116 perfc007.dat 22.03.2011 23:02 1.646.784 PerfStringBackup.INI 22.03.2011 17:27 4.946.344 FNTCACHE.DAT 09.03.2011 17:31 39.946.696 MRT.exe 02.03.2011 12:33 22.016 jdnat.dll 02.03.2011 12:33 23.040 jddac.dll 02.03.2011 12:33 8.192 jdboot.exe 27.02.2011 09:16 175.616 msclmd.dll 19.02.2011 13:05 1.139.200 FntCache.dll 19.02.2011 13:04 1.544.192 DWrite.dll 19.02.2011 13:04 902.656 d2d1.dll 18.02.2011 16:36 4.184.352 usbaaplrc.dll 17.02.2011 09:35 22.295.040 atio6axx.dll 17.02.2011 09:35 51.200 aticalrt64.dll 17.02.2011 09:34 203.776 atiesrxx.exe 17.02.2011 09:34 16.384 atimuixx.dll 17.02.2011 09:34 354.304 atiadlxx.dll 17.02.2011 09:33 120.320 atitmm64.dll 17.02.2011 09:33 12.800 atiglpxx.dll 17.02.2011 09:33 5.316.096 atiumd64.dll 17.02.2011 09:32 756.736 atiumd6a.cap 17.02.2011 09:32 1.208.320 atiumd6v.dll 17.02.2011 09:32 143.360 atiapfxx.exe 17.02.2011 09:31 39.936 atiuxp64.dll 17.02.2011 09:31 708.608 aticfx64.dll 17.02.2011 09:31 3.222.016 atiumd6a.dll 17.02.2011 09:30 44.544 aticalcl64.dll 17.02.2011 09:30 53.760 atimpc64.dll 17.02.2011 09:30 53.760 amdpcom64.dll 17.02.2011 09:30 423.424 atipdl64.dll 17.02.2011 09:30 59.392 atiedu64.dll 17.02.2011 09:30 6.982.144 aticaldd64.dll 17.02.2011 09:30 39.936 atig6txx.dll 17.02.2011 09:30 145.280 atiapfxx.blb 17.02.2011 09:29 3.113 atipblag.dat 17.02.2011 09:29 4.847.616 atidxx64.dll 17.02.2011 09:29 462.848 ATIDEMGX.dll 17.02.2011 09:29 14.848 atig6pxx.dll 17.02.2011 09:29 38.400 atiu9p64.dll 17.02.2011 09:29 479.232 atieclxx.exe 17.02.2011 09:29 227.587 atiicdxx.dat 17.02.2011 09:29 58.880 coinst.dll 02.02.2011 17:11 270.720 MpSigStub.exe 29.01.2011 19:12 466.520 wrap_oal.dll 29.01.2011 19:12 122.968 OpenAL32.dll 07.01.2011 13:17 1.465.344 XpsPrint.dll 07.01.2011 13:17 475.648 XpsGdiConverter.dll 07.01.2011 13:16 8.995.328 mshtml.dll 07.01.2011 13:14 46.080 atmlib.dll 07.01.2011 10:51 1.638.912 mshtml.tlb 07.01.2011 10:20 366.592 atmfd.dll 05.01.2011 11:34 612.864 vbscript.dll 05.01.2011 11:32 919.040 jscript.dll 05.01.2011 07:56 3.129.344 win32k.sys 23.12.2010 11:42 1.118.720 sbe.dll 23.12.2010 11:42 961.024 CPFilters.dll 23.12.2010 11:42 723.968 EncDec.dll 23.12.2010 11:36 259.072 mpg2splt.ax 17.12.2010 12:42 214.016 winsrv.dll 17.12.2010 12:40 715.776 kerberos.dll " Ich hoffe ihr könnt mir weiterhelfen sodass das Problem bald behoben ist. MfG Verzweifelt_ Hier noch die Datei von OTL hxxp://www.file-upload.net/download-3308443/OTL2.Txt.html Was ich auch gerade bemerkt habe ist dass ich das Windows Sicherheitscenter nicht aktivieren kann. |
|
28.03.2011, 13:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner an Bort? Werde falsch verlinkt! Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
|
| Themen zu Trojaner an Bort? Werde falsch verlinkt! |
| adobe, adware, antivir, antivir guard, avg, avira, bho, bonjour, desktop, explorer, falsche seite, firefox, google, hijack, hijackthis, internet, internet explorer, laufwerk c, links, logfile, malware, mozilla, pando media booster, plug-in, plug-ins, problem, seiten, server, software, syswow64, tan, trojaner, usb, usb 3.0, windows |
