Log analysis and evaluation: Panda keeps showing the error message: It is advisable to restart to keep your computer protected

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#4

/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKLM\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{523F32BA-7501-476E-AC0C-D22EEB29AD04}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{80D6DB76-1108-49F6-A896-FEA8CB78E157}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8153DA5E-4623-4182-84EC-97BE10D92242}&mid=b1c4cd4de19f631f6d81056869bace19-19797f26317ae0b17f4a1412906e404ec3d12118&lang=en&ds=AVG&pr=fr&d=2011-12-01 21:12:09&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{DCA623BF-EA31-4439-9168-7930D9D25A8B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2011/11/23 12:43:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/23 12:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2012/05/20 10:51:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/31 18:51:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2010/12/29 14:49:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\searchplugins\iMeshWebSearch.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 09:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{3120a840-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{3120a921-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{574962f6-3335-11dd-a499-001e68094fde}\Shell\AutoRun\command - "" = G:\Launch.exe
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s
O33 - MountPoints2\{5f119fdb-5119-11dd-adfe-001e68094fde}\Shell\AutoRun\command - "" = InstallSeagateManager.exe
O33 - MountPoints2\{6770080c-a034-11de-8677-001e68094fde}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6e939d26-004f-11df-b24c-001e68094fde}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{78252484-5e57-11dd-9fdc-001e68094fde}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{7bd6b079-aa97-11de-a7e3-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell - "" = AutoRun
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
[2012/06/06 09:40:23 | 000,000,929 | ---- | C] () -- C:\Users\Owner\log.exe
:Files
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________
Please always post log files in CODE tags