Problem opening some websites

Hi, for some time now I have not been able to open some pages in my browser (both IE 7 and Firefox), among them w**.google.de and w**.schuelervz.net. So I would be glad if someone could take a look at my log file and maybe help me:

Thanks in advance. Regards, osifaind |
Please try it with the current version of find.bat (http://files.trojaner-board.de/find.bat), and then post the complete log as well (including options and statistics). |
Sorry, that was everything the other find.bat produced, but here is the one from the new version :) |
Does the problem you described at the start still exist? Please post an HJT log (for instructions, see the FAQ section). |
Yes, the problem still exists... here is the HJT log file: |
I would be glad if someone could help me... |
The problem is still there, but yesterday I was able to open the pages again for a short time... |
Copyright ©2000-2025, Trojaner-Board