Viren, Spyware, Datenschutz 11.241 Themen, 94.650 Beiträge

Habe mir irgendetwas eingefangen, was ich aber nicht haben möcht

Andreas Kühn / 18 Antworten / Flachansicht Nickles

Hallo Leute, bei mir hat sich automatisch beim surfen irgendein Müll installiert, den ich nicht mehr los bekomme. Es will sich beim hochfahren ins www wählen, ist aber kein 0190 Dialer. Da ich dsl habe wäre das ja sowieso nicht drin. Mir ist aufgefallen, dass ich plötzlich im Taskmanager jede Menge Prozesse laufen habe. Ich habe einmal herumgestöbert welche Prozesse zu Win gehören. Ich liste hier deshalb nur die Prozesse auf, auf welche ich keine Antwort gefunden habe, und welche direkt nach dem hochfahren laufen:


AcroTray
eutcuh
Mounter
hpztsbo4
5 MAL svchost
persfw
naviagent
mdm
AVKWCtl
AVKService
alg
services



Außerdem öffnet sich nach kurzer Zeit immer ein pop-up. Nun habe ich SP1 und weitere Sicherheitsupdates von der Microsoft Seite installiert und das pop-up will sich öffnen, schließt sich aber gleich wieder.
Ich habe bereits Adaware und einen Virenkit scannen lassen, welches aber das Problem nicht beheben konnte.


Ich hoffe einer von Euch kann mir helfen...
Danke vorab.
Andreas

bei Antwort benachrichtigen
Max Meier Andreas Kühn „Habe mir irgendetwas eingefangen, was ich aber nicht haben möcht“
Optionen

Hallo Andreas,

die Seiten



und



beschreiben einige deiner Hintergrundprogramme wie folgt:

AcroTray =
Adobe Acrobat Assistant. This background task is installed when you install the full version of Adobe Acrobat. It comes into action when you create PDF files from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller.Recommendation : Usually harmless. Only disable with The Ultimate Troubleshooter if you specifically experience problems with it.

persfw=
This is the main component program of the Tiny Personal Firewall (oder Kerio PF), started at Windows start-up to protect your PC when it is on the Internet.
Recommendation : Leave alone – Essential for the proper functioning of Tiny Personal Firewall.

hpztsbo4 =
Background print job spooling tasks associated with some HP DeskJet printers (eg. DJ-930C, DJ-990C, DJ‑3580). This task also displays an icon in the System Tray called the HP Toolbox which enables the end-user to do various things such as cleaning the heads, aligning the heads, checking the ink level, etc... Recommendation :
Essential under most versions of Windows – leave alone. Under Windows 2000/XP, however, it is no longer essential to printing as, as long as the “Print Spooler” service is enabled (which it always is by default), printing to the printer will be fine. It then becomes a matter of preference as to whether you want to have the HP Toolbox in your System Tray or not. If you choose to disable it, you can do so with The Ultimate Troubleshooter.

5 MAL svchost =
Service Host – Generic Host Process for Win32 Services. The full path to this file should be shown as C:\WinNT\System32\Svchost.exe or C:\Windows\System3\Svchost.exe. Windows 2000/XP/2003 only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question). Under Windows XP Professional and Windows 2003 you can find out what DLL-based services SVCHOST is running by typing Tasklist /SVC at a Command/MS‑DOS Prompt (this command is not available in Windows XP Home), while under Windows 2000 you need to use the TLIST –s command from a Command Prompt (MS-DOS Prompt) (depending on how Windows 2000 was installed you may need to download TLIST from the Microsoft website or install it from one of the miscellaneous folders on the Windows 2000 CD). Recommendation :
An integral part of the operating system, leave alone – multiple instances of SVCHOST is a normal occurrence. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting. However, if you experience a lot of SVCHOST errors, and particularly, if the full path to SVCHOST.EXE is not any of the above, then you most likely have a virus (see below).

mdm=
Machine Debug Manager. Windows 98/ME/2000/XP/2003. This is used purely by Technically Advanced Users and Developers, and in very specific cases at that. It is not needed in most normal day-to-day uses of a PC. Recommendation :
There is a bug with MDM where it will regularly create zero-length temporary files in the Windows folder and not delete them. If you do not do regular housekeeping you can end up with hundreds of such files. Disable. Note, MDM has a way of restarting of its own when Windows encounters certain conditions – to prevent it from starting altogether many advanced users, ourselves included, resort to renaming MDM.EXE to MDM.EXE.OLD; that solves the problem permanently.

alg=
Application Layer Gateway service found only on Windows XP. ALG is an integral part of ICS (Internet Connection Sharing) and ICF (Internet Connection Firewall) in Windows XP. Microsoft’s description : "Provides support for 3rd Party protocol plug-ins for ICS and ICF". Recommendation : If you use Windows XP’s Internet Connection Firewall, you must have ALG running. If you use a 3rd Party firewall, set ALG to manual in "Control Panel \ Administrative Tools \ Services".

services=
Windows NT4/2000/XP/2003 only. This is the Services Control Manager which is responsible for starting, stopping, and interacting with system services. It’s full path as shown in The Ultimate Troubleshooter is either C:\WINNT\System32\Services.exe in Windows NT4/2000, or C:\Windows\System32\Services.exe in Windows XP/2003. Recommendation : An integral part of the operating system, leave alone.

oder:

If you have Windows NT4/2000/XP/2003 and the full path to this program is C:\WinNT\Services.exe or C:\Windows\Services.exe, then you most probably have the W32.Netsky@mm virus. If you have Windows 95/98/ME and this task is running in the background, then you most probably have that virus too.

Zum Rest hab ich auf die schnelle auch nichts gefunden.
Installiere auf jedenfall Fall mal ein ordentliches Antivirenprogramm.


Gruss
MM





bei Antwort benachrichtigen