Hallo zusammen.
Ich hatte ein kleines Problem mit ein paar Viren und Malware.
Nachdem ich malwarebytes
Anti-Malware quickscan durchgeführt und die funde entfernt habe, ging nach dem neustart das internet nicht mehr.
laut IE diagnose :
"Überprüfen Sie die Firewalleinstellungen für den HTTP-Port (80), den HTTPS-Port (443) und den FTP-Port (21)."
was mir persönlich nichts sagt, denn mit sowas kenne ich mich leider nicht aus
Ich habe euch hier mal das Log-File von
Malwarebytes anti-malware
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6255
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03.04.2011 16:51:27
mbam-log-2011-04-03 (16-51-27).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181471
Laufzeit: 7 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 11
Infizierte Dateien: 23
Infizierte Speicherprozesse:
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> 1740 -> Unloaded process successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> 2304 -> Unloaded process successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> 1448 -> Unloaded process successfully.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> 1396 -> Unloaded process successfully.
Infizierte Speichermodule:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2C7C9D-716D-4E9E-9358-B9C80A81B7ED} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPACEQUERY_SERVICE (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWANGIE_SERVICE (PUP.Zwangi) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.adbsearch.com/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9} (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c} (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery (Adware.SpaceQuery) -> Delete on reboot.
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programme\spacequery\spacequery.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\dokumente und einstellungen\***\anwendungsdaten\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2279412749-2558116402-30164335-1006\Dc78.exe (Adware.Mirar) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\39C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SPA12.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\spacequery\spacequery167.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\chrome\spacequery.jar (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{0a328249-98df-476c-9d25-3853c961dab9}\defaults\preferences\prefs.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome.manifest (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\install.rdf (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\chrome\zwangie.jar (PUP.Zwangi) -> Not selected for removal.
c:\programme\mozilla firefox\extensions\{fd47cf56-e0f7-42fb-91d5-03e50a5cbe8c}\defaults\preferences\prefs.js (PUP.Zwangi) -> Not selected for removal.
c:\programme\spacequery\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\programme\spacequery\uninstall.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
|
Ich hoffe Ihr könnt mir weiterhelfen
Falls Ihr noch irgendwelche Informationen benötigt einfach melden
03.04.2011, 16:26
Baum-Darstellung