Krisiy

Hallo ihr Computergenies

Ich hab da ein Problem, hoffe ihr könnt mir da helfen. Seit einer zeit kommen vom Internet Explorer immer Kästchen inden immer etwas steht des ich mit da irgendetwas gegen Viren und kostenlose Pc überprüfung usw runterladen soll. ich kann da zwischen [ok] und [Abbrechen] wählen. Egal was ich drücke, kommt da ein neues kästchen wo die ganze werbung drinne ist.Ich brauche sowas ja nich, ich habe ein antivirusprogramm. Mein Pc ist auch so schon langsam und durch diesen mist wirds noch langsamer.


Es kommen zum Beispiel solche sachen : Beachten Sie: Wenn ihr Pc von Viren befallen ist, kann es Datenverluste, Störungen bei der Arbeit, Verlangsamungen und Abbrüche zur Folge haben. Alle Viren werden noch vor der Installation auf Ihrem Pc entdeckt unt entfernt, was die Möglichkeit gibt, viele Probleme zu verhindern.

Möchten Sie NeuerSchild installieren, um Ihren PC nach schädlichen Programmen zu scannen? (empfohlen)
[ok] [Abbrechen]

Abercrombie

Fertige mal ein Logfile mit HijackThis an und poste es hier rein.

Krisiy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:36, on 28.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\TopThemes\ThemeTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Rainlendar2\Rainlendar2.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.oleco.de/einwahl.htm
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.d ll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Programme\Common Files\Paltalk\PaltalkWebLogin.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.d ll (file missing)
O4 - HKLM\..\Run: [ThemeTray] "C:\Programme\TopThemes\ThemeTray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart] "C:\Programme\Gemeinsame Dateien\55\strpmon.exe" dm=http://www.topnews.ru ad=http://www.topnews.ru sd=http://painst.www.topnews.ru
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ToADiMon.exe] REM C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Internet] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [pwindicator] C:\Programme\ParaWin XP\pwic.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp instant support.lnk = C:\Programme\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm484YYDE
O8 - Extra context menu item: &5@525AB8 - C:\Programme\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
O9 - Extra button: (no name) - DctMapping - (no file)
O9 - Extra button: NIE?AO Eioa?iao 3.0 - {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - C:\Programme\Arsenal Company\SOCRAT Internet\SocratInternet.dll
O9 - Extra button: Iano?ieee NIE?AO Eioa?iao 3.0 - {71F65890-5ED6-11d4-9665-00E02962D81A} - C:\Programme\Arsenal Company\SOCRAT Internet\SocratInternetT.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Ia?aaanoe no?aieoo - {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - C:\Programme\Arsenal Company\SOCRAT Internet\SocratInternet.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted Zone: http://*.zaycev.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D612A7D4-7D12-4524-A7BC-C2711175743A}: NameServer = 217.237.150.51 217.237.148.22
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.silvi.de/wallpapers/sites...rafics/070.jpg
O24 - Desktop Component 2: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 10591 bytes

Abercrombie

Folgende Einträge Fixen:
-O4 - HKLM\..\Run: [Salestart] "C:\Programme\Gemeinsame Dateien\55\strpmon.exe" dm=http://www.topnews.ru ad=http://www.topnews.ru sd=http://painst.www.topnews.ru
-O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
-O8 - Extra context menu item: &Search - ?p=ZCxdm484YYDE
-O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll

Krisiy

ich habe es gemacht. gehen jetzt diese nervigen werbungen weg?

Abercrombie

Mach einen Neustart und schau

Krisiy

nein hat nicht geklappt

ich habe da noch sowas das immer so große kästchen über den ganzen bildschirm kommen, z.b. von flit-fever.de wie mach ich solche werbungen weg? aber nicht so das es auch andere seiten sperrt wo ich z.b. auf spiele klicke und es dann blockiert. nur die werbung. weist du wie man das weg macht? ich habs schon über popupblocker und so gemacht, aber es blockiert dann auch andere seiten.

Humdinger

CounterSpy
anwenden.
Laden, installieren, Update, NICHT SCANNEN

Boote nun in den abgesicherten Modus (bei Neustart F8 drücken)


Starte CounterSpy, voller Scan, alle Funde löschen, dazu wähle immer REMOVE

Neustart Normalstart

Poste nun den Report von CounterSpy

Hinweis:
Scanreport finden:
klicke : View details

diesen Report kann man abkopieren: [mit der linken Maus-Taste über den Text fahren -> rechte Maustaste -> kopieren -> hier im Thread -> rechte Maustaste -> einfügen]

Krisiy

Scan History Details
Start Date: 29.03.2008 22:38:11
End Date: 29.03.2008 23:45:25
Total Time: 67 Min 14 Sec
Detected security risks

AdBreak Browser Plug-in more information...
Details: AdBreak opens pop-up advertising. It also hijacks your home page.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\OPENDATA\MindSearch


Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1989369280-366638064-2276033755-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\SHELLBROWSER


IEPlugin Adware (General) more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\REMOVE


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Files detected
C:\Programme\filesubmit\Blue_Waterfall.exe\NNWDAC6 38.EXE


Paltalk Low Risk Adware more information...
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart\palstart.exe
C:\PROGRAMME\PALTALK MESSENGER\ReceivedFiles\brq.txt
C:\PROGRAMME\PALTALK MESSENGER
C:\PROGRAMME\PALTALK MESSENGER\RECEIVEDFILES

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\.PALTALK
HKEY_LOCAL_MACHINE\Software\Classes\.PALTALK
HKEY_LOCAL_MACHINE\Software\Classes\.PALTALK
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\De faultIcon
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\De faultIcon
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\Sh ell
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\Sh ell\Open
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\Sh ell\Open\Command
HKEY_LOCAL_MACHINE\Software\Classes\PALTALKFILE\Sh ell\Open\Command
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3056A D2C-1727-4968-A415-DDE7FDCD14C4}\1.2\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\APP MANAGEMENT\ARPCACHE\PALTALK6_ALPHA_6.73.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\APP MANAGEMENT\ARPCACHE\PALTALK6_ALPHA_6.73.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\APP MANAGEMENT\ARPCACHE\PALTALK6_ALPHA_6.73.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\UNINSTALL\PALTALK6_ALPHA_6.73.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\UNINSTALL\PALTALK6_ALPHA_6.73.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\UNINSTALL\PALTALK6_ALPHA_6.73.1.1


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976 E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976 E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB824 8-617F-460D-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB824 8-617F-460D-9366-D71CDEDA3179}


My Search Bar Potentially Unwanted Program more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.A PPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.A PPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.A PPLICATION.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.A PPLICATION.1\CLSID


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

Files detected

HIER KOMMEN DANN DIE GANZEN MSN SACHEN DIE ICH HIER NICHT PREISGEBEN MÖCHTE

Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\sascha\cookies\sascha@2o7[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@a[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@adriver[2].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@atdmt[2].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@bannerbank[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@bs.serving-sys[2].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@com[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@list[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@overture[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@serving-sys[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@servlet[1].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@weborama[2].txt
c:\dokumente und einstellungen\sascha\cookies\sascha@yandex[1].txt


Trojan-Dropper.BHO.IC Trojan more information...
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{92860A0 2-4D69-48C1-82D7-EF6B2C609502}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1DE446 A-8770-4621-9378-F1922C74A36C}\VersionIndependentProgID


Trojan.Crypt.CFI.Gen Trojan more information...
Status: Deleted

Files detected
C:\Programme\Gemeinsame Dateien\55\strpmon.exe


Trojan-Dropper.BHO.KJ.2 Trojan Downloader more information...
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6D7B211 A-88EA-490C-BAB9-3600D8D7C503}\VersionIndependentProgID

Humdinger

scanne + lasse alles entfernen, was angezeigt wird, + poste hier den Scanreport
http://www.virus-protect.org/artikel...warebytes.html

dann poste einen neuen HijackThis log