Hallo

Zitat:

Und als abschließende Frage: Es gibt doch solche Ausführungen, dass man den Computer verschnellern kann

du meinst OC'en => Übertakten?

Zitat:

unter anderem in dem Bereich Ausführen, Begriffe eingeben, bei denen man dann in gewisse Systeme vom Computer Einblick sich verschaffen kann.

Start - Ausführen - msconfig, regedit usw. aber hier solltest du sehr vorsichtig sein, wenn du hier herum pfuscht kann es sein, dass dein ganzes System zerschossen wird!

In deinem Log kann ich nix wirklich schlimmes entdecken, aber

Zitat:

Zitat:

Zitat:

schau mal in der Historie nach wenn es sowas bei dir gibt, es währe wichtig zu wissen was (Schädlingsbezeichnung) wo (Pfad und Dateiname) gefunden wird/wurde.

was ist hiermit?

Lade dir bitte Silentrunners
und lasse es dein System scannen, anschließend poste das Log.

MFG

"Start - Ausführen - msconfig, regedit usw"... genau, dass meine ich. Was kann ich dort verändert, so dass mein Computer schneller wird. Kann doch auch mein Computer irgendwie zeitversetzen. Kann es nicht genau beschreiben. Irgendwann einmal -langer her - habe ich auch etwas mit dem Bereich "Auführen" etwas getätigt und da bin ich auf ein Bereich gestoßen, bei dem Zahlen eingeben kann, so dass, glaube ich, der Computer schneller auf die Sprünge kommt.

Hier, das, was ich durch Silent bekommen habe:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"D-Link AirPlus XtremeG" = "C:\Programme\D-Link\AirPlus XtremeG\AirPlusCFG.exe" ["D-Link"]
"ANIWZCS2Service" = "C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" ["Alpha Networks Inc."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"F-Secure Manager" = ""C:\Programme\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Companion BHO"
\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar3.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> ComPlusSetup\DLLName = "C:\WINDOWS\system32\catsrvut.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
SIMMenu\(Default) = "{8DD848D4-81E7-490E-9A3D-CE9058956208}"
-> {HKLM...CLSID} = "SIM_ext Class"
\InProcServer32\(Default) = "C:\Programme\SIM\simext.dll" [empty string]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SIMMenu\(Default) = "{8DD848D4-81E7-490E-9A3D-CE9058956208}"
-> {HKLM...CLSID} = "SIM_ext Class"
\InProcServer32\(Default) = "C:\Programme\SIM\simext.dll" [empty string]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\F-Secure\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 19, 41
%SystemRoot%\system32\mswsock.dll [MS], 20 - 22, 25 - 40
%SystemRoot%\system32\rsvpsp.dll [MS], 23 - 24


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar3.dll" ["Google Germany GmbH"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Companion"
\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar3.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Companion"
\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar3.dll" ["Google Germany GmbH"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{200DB664-75B5-47C0-8B45-A44ACCF73F02}\
"MenuText" = "Webseitenfilter &aussetzen"
"CLSIDExtension" = "{878137C3-9DAC-4a48-9625-78A054E86C1E}"
-> {HKLM...CLSID} = "F-Secure Parental Control COM menu #3"
\InProcServer32\(Default) = "C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll" [file not found]

{200DB664-75B5-47C0-8B45-A44ACCF73F03}\
"MenuText" = "Diese Website &sperren"
"CLSIDExtension" = "{A7FC740A-AC46-46d2-9262-E368D619AD17}"
-> {HKLM...CLSID} = "F-Secure Parental Control COM menu #2"
\InProcServer32\(Default) = "C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll" [file not found]

{200DB664-75B5-47C0-8B45-A44ACCF73F04}\
"MenuText" = "Diese Website &zulassen"
"CLSIDExtension" = "{C459289E-2150-486b-8556-12C706799CAC}"
-> {HKLM...CLSID} = "F-Secure Parental Control COM menu #1"
\InProcServer32\(Default) = "C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll" [file not found]

{300DB664-75B5-47C0-8B45-A44ACCF73C00}\
"ButtonText" = "IE-Schutzschild"
"MenuText" = "IE-Schutzschild..."
"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Programme\F-Secure\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
F-Secure Automatic Update Agent, FSAUA, ""C:\Programme\F-Secure\FSAUA\program\fsaua.exe"" ["F-Secure Corporation"]
F-Secure Management Agent, FSMA, ""C:\Programme\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Licensing Detect Internet Connection, DJSNETCN, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


Vielen Dank im Voraus!

Viele Grüße

8850

Werte doch mal bitte folgende Dateien nacheinander online bei Jotti oder Virustotal aus und poste sämtliche Ergebnisse:

C:\WINDOWS\system32\shmgrate.exe
C:\Programme\SIM\simext.dll

Hallo,

wie kann ich diese zwei Pfaden denn auswerten? Das andere, was ich als letzten hier herein gepostet habe, was kann man dazu sagen?
Viele Grüße
8850

Du rufst http://www.virustotal.com auf. Oben rechts gibst du die angegeben Pfade ein. Poste anschließend das vollständige Ergebnis.