Generic Host Process for Win32 Services - Fehlermeldung

stjohannboys · 09.02.2011, 17:55

Hallo zusammen,

bei jedem Systemstart kommt die obige Fehlermeldung. Wenn ich dann auf "Nicht senden" klicke, stockt der PC wie sonstwas.

Ich hab hier mich durchgeforstet und mit dem Malwarebytes Anti-Malware einen kompletten Scan durchgeführt. Die infizierten Dateien habe ich löschen lassen.

Zwar geht der PC nun jetzt wieder fast normal, doch die Meldung kommt nach wie vor. Allerdings lasse ich sie "links liegen" und kann somit normal arbeiten.

Hier meine Logdatei von Malwarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5719

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

09.02.2011 17:42:06
mbam-log-2011-02-09 (17-42-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 727871
Laufzeit: 2 Stunde(n), 13 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 12
Infizierte Dateien: 38

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{7E54CD0B-F9C1-7415-B42C-39C283A63818} (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\alexander\anwendungsdaten\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\anwendungsdaten\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\anwendungsdaten\funwebproducts\Data\alexander (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\christoph\anwendungsdaten\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\christoph\anwendungsdaten\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\christoph\anwendungsdaten\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michaela\anwendungsdaten\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michaela\anwendungsdaten\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michaela\anwendungsdaten\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Robert\anwendungsdaten\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Robert\anwendungsdaten\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Robert\anwendungsdaten\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\alexander\Desktop\Alex\fifa11textureeditor.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\Desktop\Alex\u96.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\Desktop\Alex\U98.exe (Adware.UltraReach) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\Desktop\corel.videostudio.pro.x3.multilingual.only.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\Desktop\corel.videostudio.pro.x3.multilingual.only.keymaker-core\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297019.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297020.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297021.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297022.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297023.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297024.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297025.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297026.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297027.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297028.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297029.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297030.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297031.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297032.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297033.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297034.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297035.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1005\A0297038.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1034\A0324416.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1034\A0324417.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1037\A0330814.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP1040\A0336595.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP975\A0274181.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4a03de67-62a4-4cef-b507-e1e3ab23f5d5}\RP986\A0284910.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\anwendungsdaten\funwebproducts\Data\alexander\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\christoph\anwendungsdaten\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\christoph\anwendungsdaten\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michaela\anwendungsdaten\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Michaela\anwendungsdaten\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Robert\anwendungsdaten\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Robert\anwendungsdaten\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.

Danke im voraus für eure Hilfe!

blow-in · 10.02.2011, 09:31

Hallo stjohannboys
Mit dieser illegalen Software

Zitat:

c:\dokumente und einstellungen\alexander\Desktop\corel.videostudio.pro.x3.multilingual.only.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\alexander\Desktop\corel.videostudio.pro.x3.multilingual.only.keymaker-core\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

hast du leider die Hilfe in diesem Forum verloren.
Für diech geht es hier weiter Neuaufsetzen und in Zukunft die Finger von solchen Keygen.
Denke auch daren, deine ganzen Passworte zu ändern.

Generic Host Process for Win32 Services - Fehlermeldung

Antiviren-, Firewall- und andere Schutzprogramme: Generic Host Process for Win32 Services - Fehlermeldung

Generic Host Process for Win32 Services - Fehlermeldung

Generic Host Process for Win32 Services - Fehlermeldung

Ähnliche Themen: Generic Host Process for Win32 Services - Fehlermeldung