hi

seit einiger zeit kann ich meinem browser (sowohl ie 7 als auch firefox) einige seiten nicht mehr aufruffen (unter anderem w**.google.de, w**.schuelervz.net)
ich wäre also froh wenn sich jemand mein log file ancshauen kann und mir vllt weiterhelfen kann:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Tue May 08 21:04:47 2007 => Deleting Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de672a1b-f234-11da-b14f-000c76e8a6f5}
Tue May 08 21:00:24 2007 => Virus Database Date: 5/8/2007
Tue May 08 21:00:57 2007 => Virus Database Date: 5/8/2007
Tue May 08 21:01:00 2007 => Virus Database Date: 5/8/2007
Wed May 09 00:23:49 2007 => Virus Database Date: 5/8/2007
Wed May 09 00:23:57 2007 => Virus Database Date: 5/8/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue May 08 21:03:47 2007 => System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: Entries Removed.
Tue May 08 21:03:47 2007 => System found infected with stylexp Spyware/Adware ({c333cf63-767f-4831-94ac-e683d962c63c})! Action taken: Entries Removed.
Tue May 08 21:03:48 2007 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: Entries Removed.
Tue May 08 21:03:53 2007 => System found infected with smitfraud Browser Hijacker (ioctrl.dll)! Action taken: Entries Removed.
Tue May 08 21:04:14 2007 => System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
Tue May 08 21:04:17 2007 => System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
Tue May 08 21:04:26 2007 => System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
Tue May 08 21:04:34 2007 => System found infected with coulomb dialer Spyware/Adware (loader.exe)! Action taken: Entries Removed.
Tue May 08 21:04:45 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Tue May 08 21:54:52 2007 => File C:\Dokumente und Einstellungen\FAINDs`OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\temvrfs9.default\Cache\EF8B9E2Dd01/Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
Tue May 08 21:55:02 2007 => File C:\Dokumente und Einstellungen\FAINDs`OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\temvrfs9.default\Cache\EF8B9E2Dd02/Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
Tue May 08 22:54:38 2007 => File C:\Programme\DAEMON Tools\SetupDTSB.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". No Action Taken.
Tue May 08 22:54:38 2007 => File C:\Programme\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe tagged as "not-a-virus:AdTool.Win32.WhenU.j". No Action Taken.
Tue May 08 22:55:27 2007 => File C:\Programme\ESET\infected\VQMSB2DA.NQF//PE-Crypt.XorPE//UPX tagged as "not-a-virus:AdWare.Win32.180Solutions.as". Action Taken: File Deleted.
Tue May 08 22:55:31 2007 => File C:\Programme\ESET\infected\VYJL1GAA.NQF//PE-Crypt.XorPE//WiseSFX Dropper//WISE0023.BIN//data0001.cab/VVSN.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". No Action Taken.
Wed May 09 00:08:43 2007 => File C:\Programme\Uninstall My Web Search.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". No Action Taken.
Wed May 09 00:16:51 2007 => File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042491.exe//data.rar/Vista Transformation Pack Installer\Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
Wed May 09 00:17:24 2007 => File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042671.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
Wed May 09 00:17:53 2007 => File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042673.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Tue May 08 21:03:53 2007 => Offending file found: C:\WINDOWS\system32\ioctrl.dll
Tue May 08 21:04:14 2007 => Offending file found: C:\DOKUME~1\FAINDS~1.OSI\Desktop\desktop\logo.avi
Tue May 08 21:04:17 2007 => Offending file found: C:\DOKUME~1\FAINDS~1.OSI\Desktop\logo.avi
Tue May 08 21:04:26 2007 => Offending file found: H:\INSTAL~1\counter-strike\csbeta71\cstrikeb71\media\logo.avi
Tue May 08 21:04:34 2007 => Offending file found: H:\q3\quake3\loader.exe
Tue May 08 21:04:45 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Tue May 08 21:03:53 2007 => Offending Folder found: C:\Programme\funwebproducts
Tue May 08 21:03:53 2007 => Offending Folder found: C:\Programme\mywebsearch
Tue May 08 21:03:53 2007 => Offending Folder found: C:\Programme\powerstrip
Tue May 08 21:03:57 2007 => Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Anwendungsdaten\funwebproducts
Tue May 08 21:03:57 2007 => Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Anwendungsdaten\icq\bart\1024
Tue May 08 21:04:14 2007 => Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Desktop\desktop\tuts\cbdae_lesson_01\cbdae_lesson 01\cool stuff
Tue May 08 21:04:14 2007 => Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Desktop\desktop\tuts\cbdae_lesson_01\__macosx\cbdae_lesson 01\cool stuff
Tue May 08 21:04:30 2007 => Offending Folder found: H:\media\things\anderes ka\page ka\klassenpage\1024
Tue May 08 21:04:34 2007 => Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Startmenü\programme\powerstrip
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\savenow !!!
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch !!!
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\focusinteractive !!!
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\fun web products !!!
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\magnet !!!
Tue May 08 21:03:48 2007 => Offending Key found: HKLM\Software\mywebsearch !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKLM\Software\zango !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\Software\fun web products !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\Software\funwebproducts !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\Software\mywebsearch !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\Software\zango !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\powerstrip !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch !!!
Tue May 08 21:03:49 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\zango !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKCU\\clientax.requiredcomponent !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKCU\\clientax.requiredcomponent.1 !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKCU\\magnet !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\scanregistry !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusave !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearch !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearchwhse !!!
Tue May 08 21:03:50 2007 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\zango !!!
Tue May 08 21:04:47 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de672a1b-f234-11da-b14f-000c76e8a6f5} !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


danke schonmal im vorraus

gruß osifaind

Versuch's mal bitte mit der aktuellen Version der find.bat (http://files.trojaner-board.de/find.bat) und poste dann aber auch das vollständige Log (samt Optionen und Statistiken).

sry das war alles was bei der anderen find.bat rauskam aber hier das mit der neuen

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.05.07.01

Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NORMAL

eScan Version: 9.2.2
Sprache: English
Virus Database Date: 5/8/2007

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
System found infected with funwebproducts Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: Entries Removed.
System found infected with stylexp Spyware/Adware ({c333cf63-767f-4831-94ac-e683d962c63c})! Action taken: Entries Removed.
System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: Entries Removed.
System found infected with smitfraud Browser Hijacker (ioctrl.dll)! Action taken: Entries Removed.
System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
System found infected with paq keylog 5.0 Commercial KeyLogger (logo.avi)! Action taken: Entries Removed.
System found infected with coulomb dialer Spyware/Adware (loader.exe)! Action taken: Entries Removed.
System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "stylexp Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "kraze.b Virus" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "whenu/search Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zango Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed.
Object "paq keylog 5.0 Commercial KeyLogger" found in File System! Action Taken: Entries Removed.
Object "ezula Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "ezula Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "paq keylog 5.0 Commercial KeyLogger" found in File System! Action Taken: Entries Removed.
Object "paq keylog 5.0 Commercial KeyLogger" found in File System! Action Taken: Entries Removed.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: Entries Removed.
Object "coulomb dialer Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
File C:\Dokumente und Einstellungen\FAINDs`OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\temvrfs9.default\Cache\EF8B9E2Dd01/Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
File C:\Dokumente und Einstellungen\FAINDs`OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\temvrfs9.default\Cache\EF8B9E2Dd02/Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
File C:\Programme\DAEMON Tools\SetupDTSB.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". No Action Taken.
File C:\Programme\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe tagged as "not-a-virus:AdTool.Win32.WhenU.j". No Action Taken.
File C:\Programme\ESET\infected\VQMSB2DA.NQF//PE-Crypt.XorPE//UPX tagged as "not-a-virus:AdWare.Win32.180Solutions.as". Action Taken: File Deleted.
File C:\Programme\ESET\infected\VYJL1GAA.NQF//PE-Crypt.XorPE//WiseSFX Dropper//WISE0023.BIN//data0001.cab/VVSN.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". No Action Taken.
File C:\Programme\Uninstall My Web Search.dll tagged as "not-a-virus:AdTool.Win32.MyWebSearch.ba". No Action Taken.
File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042491.exe//data.rar/Vista Transformation Pack Installer\Vista Transformation Pack 3.0.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042671.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
File C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042673.exe//WISE0019.BIN//WISE0005.BIN tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: C:\WINDOWS\system32\ioctrl.dll
Offending file found: C:\DOKUME~1\FAINDS~1.OSI\Desktop\desktop\logo.avi
Offending file found: C:\DOKUME~1\FAINDS~1.OSI\Desktop\logo.avi
Offending file found: H:\INSTAL~1\counter-strike\csbeta71\cstrikeb71\media\logo.avi
Offending file found: H:\q3\quake3\loader.exe
Offending file found: C:\WINDOWS\system32\unrar.dll
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Offending Folder found: C:\Programme\funwebproducts
Offending Folder found: C:\Programme\mywebsearch
Offending Folder found: C:\Programme\powerstrip
Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Anwendungsdaten\funwebproducts
Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Anwendungsdaten\icq\bart\1024
Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Desktop\desktop\tuts\cbdae_lesson_01\cbdae_lesson 01\cool stuff
Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Desktop\desktop\tuts\cbdae_lesson_01\__macosx\cbdae_lesson 01\cool stuff
Offending Folder found: H:\media\things\anderes ka\page ka\klassenpage\1024
Offending Folder found: C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Startmenü\programme\powerstrip
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\savenow !!!
Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch !!!
Offending Key found: HKLM\Software\focusinteractive !!!
Offending Key found: HKLM\Software\fun web products !!!
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKLM\Software\mywebsearch !!!
Offending Key found: HKLM\Software\zango !!!
Offending Key found: HKCU\Software\fun web products !!!
Offending Key found: HKCU\Software\funwebproducts !!!
Offending Key found: HKCU\Software\mywebsearch !!!
Offending Key found: HKCU\Software\zango !!!
Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\powerstrip !!!
Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu !!!
Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch !!!
Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\zango !!!
Offending Key found: HKCU\\clientax.requiredcomponent !!!
Offending Key found: HKCU\\clientax.requiredcomponent.1 !!!
Offending Key found: HKCU\\magnet !!!
Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\scanregistry !!!
Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusave !!!
Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearch !!!
Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\whenusearchwhse !!!
Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\zango !!!
Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de672a1b-f234-11da-b14f-000c76e8a6f5} !!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
Invalid Entry DllName = appmgmts.dll (in key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}...
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
C:\Dokumente und Einstellungen\BabyGenial14\Lokale Einstellungen\Temp\SIntf16.dll not Scanned. Possibly password protected...
C:\Dokumente und Einstellungen\FAINDs`OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Microsoft\MBSA\2.0\Cache\mbs35.tmp not Scanned. Possibly password protected...
C:\Dokumente und Einstellungen\FAINDs`OSIFAIND.OSIFAIND\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\3d1qcwgh.default\Cache\0AF778BEd01 not Scanned. Possibly password protected...
C:\Programme\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe not Scanned. Possibly password protected...
C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042486.exe not Scanned. Possibly password protected...
C:\System Volume Information\_restore{9E170575-77BE-4473-B7BC-3F7AD0A59AA5}\RP110\A0042675.dll not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Critical Objects: 0
Total Critical Objects: 53
Total Disinfected Objects: 0
Total Disinfected Objects: 0
Total Objects Renamed: 0
Total Objects Renamed: 0
Total Deleted Objects: 0
Total Deleted Objects: 598
Total Errors: 0
Total Errors: 563
Time Elapsed: 00:00:25
Time Elapsed: 03:21:46
Total Objects Scanned: 394
Total Objects Scanned: 151472
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Memory Check: Enabled
Memory Check: Enabled
Registry Check: Enabled
Registry Check: Enabled
System Folder Check: Enabled
System Folder Check: Disabled
System Area Check: Disabled
System Area Check: Disabled
Services Check: Enabled
Services Check: Enabled
Drive Check: Disabled
All Drive Check :Enabled
Drive Check: Disabled
All Drive Check :Enabled
All Drive Check :Enabled
All Drive Check :Enabled

Batchstart: 14:59:18,53
Batchende: 14:59:25,78

Besteht das Problem, welches Du eingangs beschrieben hast noch?

Poste bitte ein HJT-Log (Anleitung siehe FAQ-Sektion).

ja das problem besteht noch...

hier das hjt log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:14:58, on 12.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Styler\Styler.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programme\panda software\panda internet security 2007\WebProxy.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
F:\Steam\steam.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame

Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Styler.lnk = C:\Programme\Styler\Styler.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - h**p://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Adobe\Adobe Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft

Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft

Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet

Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda

Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet

Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet

Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programme\panda software\panda internet security

2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Internet Security

2007\PsImSvc.exe
O23 - Service: Sygate Personal Firewall Platinum (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe

es würde mich freuen wenn mir jemand helfen könnte...

das Problem ist immer noch da aber gestern konnte ich für kurze zeit die seiten wieder aufrufen...