PC langsam (!) und sendet spam (?)

Germike · 16.03.2008, 09:51

Hallo Alle,

seit einigen Tagen fällt mir die Arbeit mit meiner Maschine immer schwerer, da sie immer langsamer wird. Ich meine nicht diesen windows-typischen schleichenden Prozess, sondern eine plötzliche, deutliche Verschlechterung.

Außerdem empfange ich erstmals Spam, der offenbar von mir selbst abgesandt wurde. So steht es jedenfalls im 'Von' Absender ... ich bin da etwas ahnungslos, sorry ...

Kann mal jemand über das Log drüberschauen, bitte.
(Die Autostart-Einträge sind ok, auch wenn sie etwas merkwürdig aussehen.)

Vielen Dank!

--Michael

--------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:30:54, on 16.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\ScanSoft\PaperPort\viperusb.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Desktop Architect\datray.exe
C:\Programme\JungleDisk\junglediskmonitor.exe
C:\Programme\SecCopy\SecCopy.exe
C:\Programme\Micros~4\Office\OUTLOOK.EXE
C:\Programme\ScanSoft\PaperPort\PaprPort.exe
D:\Michael\Projekte - Winbatch div\ssindexr-eater.exe
C:\Programme\ScanSoft\PaperPort\pplinks.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Programme\ScanSoft\PaperPort\ppscanmg.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.powerquest.com/register.asp?Product=DM&SerialNumber=***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.178.1:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [StrobePro] C:\Programme\ScanSoft\PaperPort\viperusb.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Desktop Architect] "C:\Programme\Desktop Architect\datray.exe" -S
O4 - Startup: Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: Laufwerk S verbinden.lnk = C:\WINDOWS\SYSTEM32\cmd.exe
O4 - Startup: Laufwerk V verbinden.lnk = C:\WINDOWS\SYSTEM32\cmd.exe
O4 - Startup: Microsoft Outlook (low).lnk = C:\WINDOWS\SYSTEM32\cmd.exe
O4 - Startup: PaperPort (low).lnk = C:\WINDOWS\SYSTEM32\cmd.exe
O4 - Startup: ssindexr-eater.lnk = D:\Michael\Projekte - Winbatch div\ssindexr-eater.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\SYSTEM32\taskmgr.exe
O4 - Global Startup: JungleDiskMonitor.lnk = C:\Programme\JungleDisk\junglediskmonitor.exe
O4 - Global Startup: Second Copy 2000 (low).lnk = C:\WINDOWS\SYSTEM32\cmd.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Open with WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.0bw.de
O15 - Trusted Zone: *.1und1.de
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.alice-dsl.de
O15 - Trusted Zone: *.allofmp3.com
O15 - Trusted Zone: h**p://*.amazon.com
O15 - Trusted Zone: *.amazon.de
O15 - Trusted Zone: *.apple.com
O15 - Trusted Zone: h**p://www.arbeitszeitberatung.de
O15 - Trusted Zone: *.auerswald-root.de
O15 - Trusted Zone: h**p://www.auerswald.de
O15 - Trusted Zone: *.beiersdorf.de
O15 - Trusted Zone: h**p://www.betriebsratszentrum.de
O15 - Trusted Zone: *.bibi-blocksberg.de
O15 - Trusted Zone: *.bibiblocksberg.de
O15 - Trusted Zone: *.bildschirmschoner.de
O15 - Trusted Zone: *.buffalo-technology.com
O15 - Trusted Zone: *.buffalo-technology.de
O15 - Trusted Zone: *.buffalotech.com
O15 - Trusted Zone: *.bundderversicherten.de
O15 - Trusted Zone: h**p://*.bundestag.de
O15 - Trusted Zone: *.cinemaxx.de
O15 - Trusted Zone: h**p://*.citibank.de
O15 - Trusted Zone: *.clickandbuy.com
O15 - Trusted Zone: *.clickandbuy.de
O15 - Trusted Zone: *.conrad.com
O15 - Trusted Zone: *.conrad.de
O15 - Trusted Zone: h**p://product.corel.com
O15 - Trusted Zone: h**p://support.corel.com
O15 - Trusted Zone: *.deutschepost.de
O15 - Trusted Zone: *.dgb.de
O15 - Trusted Zone: *.dhm.de
O15 - Trusted Zone: h**p://www.diplom.de
O15 - Trusted Zone: *.dooyoo.de
O15 - Trusted Zone: *.douglas.de
O15 - Trusted Zone: *.dpma.de
O15 - Trusted Zone: *.ebay.de
O15 - Trusted Zone: *.ebayobjects.com
O15 - Trusted Zone: *.ef.com
O15 - Trusted Zone: h**p://www.ehrensenf.com
O15 - Trusted Zone: h**p://www.ehrensenf.de
O15 - Trusted Zone: *.einfach-fuer-alle.de
O15 - Trusted Zone: *.expertise2go.com
O15 - Trusted Zone: *.fact-finder.de
O15 - Trusted Zone: h**p://www.falk.de
O15 - Trusted Zone: h**p://www.fotoporto.com
O15 - Trusted Zone: *.fotoporto.com
O15 - Trusted Zone: h**p://www.free-av.de
O15 - Trusted Zone: *.free-av.de
O15 - Trusted Zone: h**p://www.freewareweb.com
O15 - Trusted Zone: *.fritz.box
O15 - Trusted Zone: *.gi-ev.de
O15 - Trusted Zone: *.gmx.net
O15 - Trusted Zone: *.google.de
O15 - Trusted Zone: *.grc.com
O15 - Trusted Zone: h**p://server6.gs-shop.de
O15 - Trusted Zone: *.hamburg.de
O15 - Trusted Zone: *.haufe.de
O15 - Trusted Zone: *.hcu-hamburg.de
O15 - Trusted Zone: *.hoh.de
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: *.ibm.com
O15 - Trusted Zone: *.igbce.de
O15 - Trusted Zone: *.isotf.org
O15 - Trusted Zone: *.isotf.org#
O15 - Trusted Zone: h**p://*.karstadt.de
O15 - Trusted Zone: *.kiddinx.de
O15 - Trusted Zone: *.kijiji.de
O15 - Trusted Zone: *.klarmobil.de
O15 - Trusted Zone: *.legalershop.de
O15 - Trusted Zone: h**p://www.m4-software.de
O15 - Trusted Zone: h**p://*.magix.net
O15 - Trusted Zone: *.marketworks.com
O15 - Trusted Zone: h**p://www.medac.de
O15 - Trusted Zone: *.medweb.com
O15 - Trusted Zone: h**p://www.meinungsplatz.net
O15 - Trusted Zone: *.xeron.de
O15 - Trusted Zone: *.minijob-zentrale.de
O15 - Trusted Zone: h**p://www.mozilla.com
O15 - Trusted Zone: *.mozilla.com
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: h**p://*.neu.de
O15 - Trusted Zone: h**p://www.ncbi.nlm.nih.gov
O15 - Trusted Zone: *.nokia.com
O15 - Trusted Zone: *.norskit.com
O15 - Trusted Zone: *.norskit.de
O15 - Trusted Zone: *.obw.de
O15 - Trusted Zone: h**p://www.visionaustralia.org.au
O15 - Trusted Zone: *.paypal.com
O15 - Trusted Zone: *.paypal.de
O15 - Trusted Zone: h**p://www.pekavau.de
O15 - Trusted Zone: *.polderbits.com
O15 - Trusted Zone: *.portal-banking.de
O15 - Trusted Zone: *.pubmed.com
O15 - Trusted Zone: *.purenature.de
O15 - Trusted Zone: h**p://www.sage.de
O15 - Trusted Zone: h**p://landesregierung.schleswig-holstein.de
O15 - Trusted Zone: *.schule.de
O15 - Trusted Zone: *.skype.com
O15 - Trusted Zone: *.softpedia.com
O15 - Trusted Zone: *.softpedia.ro
O15 - Trusted Zone: h**p://www.spd-hamburg.de
O15 - Trusted Zone: h**p://www.spiegel.de
O15 - Trusted Zone: *.stayfriends.de
O15 - Trusted Zone: h**p://*.t-mobile.de
O15 - Trusted Zone: *.t-online.de
O15 - Trusted Zone: *.topcom.net
O15 - Trusted Zone: *.trendmicro-europe.com
O15 - Trusted Zone: *.tu-dresden.de
O15 - Trusted Zone: h**p://www.twit.tv
O15 - Trusted Zone: h**p://www.uci-kinowelt.de
O15 - Trusted Zone: *.uci-kinowelt.de
O15 - Trusted Zone: *.uni-hamburg.de
O15 - Trusted Zone: *.useit.com
O15 - Trusted Zone: *.vaa.de
O15 - Trusted Zone: *.verbraucherzentrale-nrw.de
O15 - Trusted Zone: h**p://www.viamichelin.de
O15 - Trusted Zone: *.visa.com
O15 - Trusted Zone: h**p://br-forum.waf-server.de
O15 - Trusted Zone: *.webcredible.co.uk
O15 - Trusted Zone: *.windowsupdate.com
O15 - Trusted Zone: *.xing.com
O15 - Trusted Zone: *.youtube.com
O15 - Trusted IP range: 83.222.8.32
O15 - Trusted IP range: 83.222.8.35
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - h**p://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205074005343
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - h**p://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7252CA11-F0FA-49F4-8B14-CB1A34317510}: NameServer = 192.168.178.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

PC langsam (!) und sendet spam (?)

Log-Analyse und Auswertung: PC langsam (!) und sendet spam (?)

PC langsam (!) und sendet spam (?)

Ähnliche Themen: PC langsam (!) und sendet spam (?)