Do I have a virus? My PC has become slower


  1. Milky

    Milky New user

    Member since:
    29.05.2008
    Posts:
    15
    Likes:
    0
    I had already posted a thread in the other part of the forum (PC keeps getting slower. Unnecessary applications?)
    I need a bit of help because my computer has become slower, which really shouldn't be the case

    here are my PC specs:


    AMD Athlon(tm) XP 1900 + 1600 MHz
    L2 Cache 265 KB
    1024 MB RAM
    MSI MS-6380

    NVIDIA GeForce 6600 GT





    here is HjT:


    Logfile of HijackThis v1.99.1
    Scan saved at 20:06, on 08-05-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Logitech\Video\LogiTray.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\steam.exe
    C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
    C:\PROGRA~1\ICQ6\ICQ.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\PowerArchiver\POWERARC.EXE
    C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\_PA777\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Steam] "d:\steam.exe" -silent
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
    O4 - Startup: Sygate Personal Firewall.lnk = C:\Programme\Sygate\SPF\Smc.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe


    Looking forward to your replies

    Regards, Milky
     
  3. #2 Leonixx, 31.05.2008
    Leonixx
    Moderator

    Member since:
    17.10.2007
    Posts:
    18.904
    Likes:
    0
    Location:
    NIX DO
    Aloha,

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL

    These two entries are a so-called browser helper, but one can also use it to remote-control IE. Please fix them in Safe Mode. Then run CCleaner, create a new log file and post it here.

    Regards, Leonixx
     
  4. Milky

    Milky New user

    Member since:
    29.05.2008
    Posts:
    15
    Likes:
    0
    Done ;) thanks for the help

    here is the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25, on 08-05-31
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Logitech\Video\LogiTray.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\steam.exe
    C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
    C:\PROGRA~1\ICQ6\ICQ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Steam] "d:\steam.exe" -silent
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Sygate Personal Firewall.lnk = C:\Programme\Sygate\SPF\Smc.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 4927 bytes
     
  5. #4 Humdinger, 31.05.2008
    Humdinger Experienced user

    Member since:
    31.01.2008
    Posts:
    476
    Likes:
    0
  6. Milky

    Milky New user

    Member since:
    29.05.2008
    Posts:
    15
    Likes:
    0
    Malwarebytes:

    Malwarebytes' Anti-Malware 1.14
    Datenbank Version: 810

    22:18:12 08-05-31
    mbam-log-5-31-2008 (22-18-12).txt

    Scan Art: Komplett Scan (C:\|D:\|)
    Objekte gescannt: 120218
    Scan Dauer: 1 hour(s), 25 minute(s), 54 second(s)

    Infizierte Speicher Prozesse: 0
    Infizierte Speicher Module: 0
    Infizierte Registrierungsschlüssel: 91
    Infizierte Registrierungswerte: 4
    Infizierte Datei Objekte der Registrierung: 0
    Infizierte Verzeichnisse: 8
    Infizierte Dateien: 14

    Infizierte Speicher Prozesse:
    (Keine Malware Objekte gefunden)

    Infizierte Speicher Module:
    (Keine Malware Objekte gefunden)

    Infizierte Registrierungsschlüssel:

    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Infizierte Datei Objekte der Registrierung:
    (Keine Malware Objekte gefunden)

    Infizierte Verzeichnisse:
    C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\YourSiteBar (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Programme\SideFind (Adware.ISTBar) -> Quarantined and deleted successfully.
    C:\Programme\SideFind\update (Adware.ISTBar) -> Quarantined and deleted successfully.

    Infizierte Dateien:
    C:\Programme\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\ScreenSaver\Images\0001DA5A.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\000BA410.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\YourSiteBar\imagemap_normal.bmp (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Programme\YourSiteBar\version.txt (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Programme\YourSiteBar\yoursitebar.xml (Trojan.Istbar) -> Quarantined and deleted successfully.
    C:\Programme\SideFind\sfexd001 (Adware.ISTBar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rafiyeys_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.




    and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34, on 08-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Logitech\Video\LogiTray.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\steam.exe
    C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Steam] "d:\steam.exe" -silent
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Sygate Personal Firewall.lnk = C:\Programme\Sygate\SPF\Smc.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

    --
    End of file - 4719 bytes



    thanks again ;)
     
  7. #6 Humdinger, 01.06.2008
    open HijackThis -- "Scan" button -- tick the box in front of these entries -- click the "Fix checked" button -- now restart the PC

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)



    Run SDFix
    http://www.virus-protect.org/artikel/tools/sdfix.html
    First with Sophos
    double-click RunThis.bat
    type in:
    3 : Sophos is loaded - choose 6 - scan and post the scan report

    then exit

    double-click RunThis.bat again
    choose 1 a-squared and 3
    post the report

    the reports are located under C:\SDFix
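
Added example, not part of the original thread and not code from HijackThis: the entries selected for "Fix checked" in the post above are the ones whose target file no longer exists. The sketch below parses HijackThis log lines and lists those orphaned entries; the sample lines are copied from the logs in this thread, and the names `Entry`, `parse_entry`, `parse_log`, `orphaned` and `triage_report` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
"""

# Meaning of the section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# "<code> - <body>", e.g. "O2 - BHO: ...". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    kind: str             # text before the first ": ", e.g. "BHO" ("" if none)
    clsid: Optional[str]  # first CLSID in the line, if any
    orphaned: bool        # True if the target file is reported as missing
    raw: str              # the original log line, stripped


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    head, sep, _ = body.partition(": ")
    clsid = CLSID_RE.search(body)
    return Entry(
        code=m.group("code"),
        kind=head if sep else "",
        clsid=clsid.group(0) if clsid else None,
        orphaned=bool(ORPHAN_RE.search(body)),
        raw=line.strip(),
    )


def parse_log(text: str) -> List[Entry]:
    """Return all entries of a HijackThis log, skipping headers and process paths."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file which no longer exists (leftover references)."""
    return [e for e in entries if e.orphaned]


def triage_report(text: str) -> List[str]:
    """One readable line per orphaned entry, with the section meaning spelled out."""
    return [
        f"{e.code} ({SECTIONS.get(e.code, 'unknown section')}): {e.clsid or e.kind}"
        for e in orphaned(parse_log(text))
    ]


if __name__ == "__main__":
    for row in triage_report(SAMPLE_LOG):
        print(row)
```

An orphaned marker only says that the referenced file is gone; entries whose file still exists need a separate check of the file itself.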
     
  8. Milky

    so after 4 hours of nonstop scanning it's finally done.
    here are the results:
    I accidentally ran a different scan first; in case it's of interest, I uploaded that one too ;)

    thanks for all the help here
     

    Attachments:

  9. #8 Humdinger, 02.06.2008
    Run CounterSpy.
    Download, install, update, DO NOT SCAN

    Now boot into safe mode (press F8 during restart)


    Start CounterSpy, full scan, delete all findings; to do so, always choose REMOVE

    Restart, normal boot

    Now post the CounterSpy report

    Note:
    Finding the scan report:
    click: View details

    this report can be copied: [drag over the text with the left mouse button -> right mouse button -> copy -> here in the thread -> right mouse button -> paste]


    Report whether there are still problems?
     
  10. Milky

    here is the analysis:

    Scan History Details
    Start Date: 08-06-03 13:33:08
    End Date: 08-06-03 15:27:11
    Total Time: 114 Min 3 Sec
    Detected security risks

    C2.Lop Hijacker more information...
    Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
    Status: Quarantined

    Registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN


    Altnet/Topsearch Browser Plug-in more information...
    Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
    Status: Quarantined

    Registry entries detected
    HKEY_LOCAL_MACHINE\Software\Classes\APPID\ALTNET SIGNING MODULE.EXE
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK.1\CLSID
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CLSID
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer
    HKEY_LOCAL_MACHINE\Software\Classes\TOPSEARCH.TSLINK\CurVer


    SearchMiracle.EliteBar Browser Plug-in more information...
    Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
    Status: Quarantined

    Registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT\POST PLATFORM


    Zango Adware (General) more information...
    Details: Zango makes and distributes adware applications such as toolbars and search assistants. These adware programs display pop-up ads on the desktop and frequently accompany "free" software tools, games, videos, wallpapers, and screensavers found on the internet.
    Status: Quarantined

    Registry entries detected
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore
    HKEY_USERS\S-1-5-21-1659004503-920026266-854245398-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore


    Cookie: Tracking Cookies Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\dokumente und einstellungen\alexandrius\cookies\alexandrius@2o7[1].txt
    c:\dokumente und einstellungen\alexandrius\cookies\alexandrius@atdmt[2].txt
    c:\dokumente und einstellungen\alexandrius\cookies\alexandrius@tradedoubler[1].txt
    c:\dokumente und einstellungen\alexandrius\cookies\alexandrius@weborama[2].txt

    was able to delete 2 but not the other 2.
     
  11. Milky

    hm, I have the feeling that my PC has gotten even slower.
     
  12. #11 Humdinger, 06.06.2008
  13. Milky

    hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:54, on 08-06-06
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Logitech\Video\LogiTray.exe
    D:\steam.exe
    C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Programme\MSN Messenger\usnsvc.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKCU\..\Run: [Steam] "d:\steam.exe" -silent
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Sygate Personal Firewall.lnk = C:\Programme\Sygate\SPF\Smc.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
    O23 - Service: GMX Firefox Update (AdminSVCff) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

    --
    End of file - 4578 bytes



    and no viruses found.
     
  14. #13 Humdinger, 07.06.2008
  15. Milky

    virustotal:



    Datei adminsvcff.exe empfangen 2008.06.07 12:05:23 (CET)
    Ergebnis: 1/32 (3.13%)

    Antivirus Version letzte aktualisierung Ergebnis
    AhnLab-V3 2008.5.30.1 2008.06.05 -
    AntiVir 7.8.0.55 2008.06.06 -
    Authentium 5.1.0.4 2008.06.06 -
    Avast 4.8.1195.0 2008.06.07 -
    AVG 7.5.0.516 2008.06.06 -
    BitDefender 7.2 2008.06.07 -
    CAT-QuickHeal 9.50 2008.06.07 -
    ClamAV 0.92.1 2008.06.07 -
    DrWeb 4.44.0.09170 2008.06.07 -
    eSafe 7.0.15.0 2008.06.05 -
    eTrust-Vet 31.6.5855 2008.06.06 -
    Ewido 4.0 2008.06.06 -
    F-Prot 4.4.4.56 2008.06.06 -
    F-Secure 6.70.13260.0 2008.06.06 -
    Fortinet 3.14.0.0 2008.06.07 -
    GData 2.0.7306.1023 2008.06.07 -
    Ikarus T3.1.1.26.0 2008.06.07 -
    Kaspersky 7.0.0.125 2008.06.07 -
    McAfee 5312 2008.06.06 -
    Microsoft 1.3604 2008.06.07 -
    NOD32v2 3165 2008.06.06 -
    Norman 5.80.02 2008.06.06 -
    Panda 9.0.0.4 2008.06.06 -
    Prevx1 V2 2008.06.07 Malicious Software
    Rising 20.47.42.00 2008.06.06 -
    Sophos 4.30.0 2008.06.07 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.07 -
    TheHacker 6.2.92.339 2008.06.07 -
    VBA32 3.12.6.7 2008.06.06 -
    VirusBuster 4.3.26:9 2008.06.06 -
    Webwasher-Gateway 6.6.2 2008.06.06 -
    weitere Informationen
    File size: 180224 bytes
    MD5...: 460268db66ad23c98a9dd553c69d27bf
    SHA1..: 3d07b06aa9c389230fedb8c15d99b006202f8ebc
    SHA256: 9030dc0958f3f59ca01ac0346201046b03a0c86664cbb5a698f5e2c76599d0e5
    SHA512: bbdacfdba7916a970b6a4fac801f55138d08512c97e97f6bbc4a371e7d1ffb9e
    96c8a3c8bc73443d4873e1c33c696dc2425aee76050a0ceaf88716c6d7ecc396
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40cf52
    timedatestamp.....: 0x4551b4ed (Wed Nov 08 10:43:57 2006)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1fb14 0x20000 6.60 ef74a9e53c47e26383fe4b245e0b643c
    .rdata 0x21000 0x7e18 0x8000 4.97 9aab6d803c2e8f125fbe1ebea4643498
    .data 0x29000 0x7934 0x2000 3.66 10d41be473bd541de07e6007c4b0944d
    .rsrc 0x31000 0x4c0 0x1000 1.24 23da5d3e982b7d7fe30f04577d5a6133

    ( 11 imports )
    > KERNEL32.dll: FormatMessageA, GlobalUnlock, GlobalLock, GlobalAlloc, GlobalFree, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, SetEndOfFile, GetCurrentProcess, lstrcpyA, CreateFileA, lstrcpynA, LoadLibraryA, RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetModuleHandleA, lstrcmpW, lstrcatA, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, InterlockedDecrement, LocalAlloc, LeaveCriticalSection, GlobalReAlloc, GlobalHandle, EnterCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, InterlockedIncrement, lstrcmpA, GlobalFlags, GetCPInfo, GetOEMCP, RtlUnwind, GetSystemTimeAsFileTime, GetTimeFormatA, GetDateFormatA, HeapFree, GetLocalTime, GetTimeZoneInformation, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, ExitProcess, HeapReAlloc, HeapSize, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle, SetEnvironmentVariableA, GetLocaleInfoW, LocalFree, FreeLibrary, SetLastError, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, MultiByteToWideChar, CreateThread, CloseHandle, CreateMutexA, WaitForSingleObject, ReleaseMutex, GetCurrentThreadId, CreateProcessA, Sleep, TerminateProcess, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetLastError, GetProcAddress, GetModuleFileNameA
    > USER32.dll: RegisterWindowMessageA, TabbedTextOutA, DrawTextA, DrawTextExA, GrayStringA, ClientToScreen, GetDC, ReleaseDC, ValidateRect, SetWindowTextA, IsWindowEnabled, LoadBitmapA, GetMenuCheckMarkDimensions, CheckMenuItem, EnableMenuItem, ModifyMenuA, SetMenuItemBitmaps, GetSysColorBrush, LoadCursorA, DestroyMenu, PostQuitMessage, GetPropA, RemovePropA, GetFocus, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, WinHelpA, LoadIconA, MapWindowPoints, MessageBoxA, GetKeyState, SetForegroundWindow, GetClientRect, GetMenu, GetSysColor, AdjustWindowRectEx, GetParent, GetClassInfoA, RegisterClassA, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, GetWindowLongA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, UnregisterClassA, GetSystemMetrics, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, EnableWindow, PostMessageA, PeekMessageA, DispatchMessageA, PostThreadMessageA, GetUserObjectInformationA, GetThreadDesktop, FindWindowA, GetCapture, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassInfoExA, GetClassLongA, GetClassNameA, GetMessagePos, SetPropA, SendMessageA
    > ADVAPI32.dll: SetServiceStatus, RegisterEventSourceA, ReportEventA, DeregisterEventSource, RegCreateKeyA, RegSetValueExA, RegCloseKey, DeleteService, CreateServiceA, RegisterServiceCtrlHandlerA, ControlService, OpenSCManagerA, OpenServiceA, CloseServiceHandle, StartServiceA, StartServiceCtrlDispatcherA
    > COMCTL32.dll: -
    > WS2_32.dll: -, -, -, -, -, -, -, -
    > VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
    > WINMM.dll: timeSetEvent, timeKillEvent, timeGetDevCaps
    > OLEACC.dll: LresultFromObject, CreateStdAccessibleObject
    > GDI32.dll: GetClipBox, SetTextColor, SetBkColor, SaveDC, RestoreDC, GetStockObject, CreateBitmap, DeleteDC, SetMapMode, DeleteObject, PtVisible, RectVisible, TextOutA, ScaleWindowExtEx, OffsetViewportOrgEx, SetWindowExtEx, ScaleViewportExtEx, GetDeviceCaps, ExtTextOutA, Escape, SelectObject, SetViewportOrgEx, SetViewportExtEx
    > WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
    > OLEAUT32.dll: -, -, -

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=11336B1A0085DA57C07D025EDF3B370079A33822






    smitfraudfix:

    SmitFraudFix v2.323

    Scan done at 12:18:06.74, 08-06-07
    Run from C:\Dokumente und Einstellungen\Alexandrius\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A29A989-5E4F-4A16-9BDC-D859A71196A9}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A29A989-5E4F-4A16-9BDC-D859A71196A9}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{6A29A989-5E4F-4A16-9BDC-D859A71196A9}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  16. #15 Humdinger, 07.06.2008
    Send me the exe, that looks odd

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe

    by e-mail to
    MalwareTEAM@t-online.de


    or upload it here as a zip file

    http://www.ppf-malware-upload.de.be/


    In the subject / description field, enter:

    modernboard / Milky
     
  18. #16 Humdinger, 07.06.2008
    Hello

    The file is fine, no malware.

    You should get the free Antivir Premium version, since your freeware variant does not protect against spyware and adware, as we have seen.
    http://computerguard.de/vb/forum-139.html

    And in future also use the freeware Sandboxie.
    http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1136

    You can then delete / uninstall the tools used here.
     
  19. Milky

    thanks for the help ;)
     