Problem with a hijacker, need help

6 replies
  1. #1

    I'm having problems again with a hijacker or something similar.

    Here is my HijackThis log file:
    Logfile of HijackThis v1.99.0
    Scan saved at 21:15:51, on 07.08.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Programme\CA\eTrust Antivirus\InoRpc.exe
    C:\Programme\CA\eTrust Antivirus\InoRT.exe
    C:\Programme\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programme\McAfee\CPD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\popuper.exe
    C:\WINDOWS\system32\msole32.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\intmonp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\WINDOWS\system32\hplampc.exe
    C:\WINDOWS\system32\intmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programme\Analog Devices\SoundMAX\SMTray.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Jetico\BestCrypt\BCResident.exe
    C:\WINDOWS\system32\shnlog.exe
    C:\Programme\McAfee\CPD.EXE
    C:\Programme\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    E:\Benjamin\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bestwebslinks.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.de
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = leben.vr-networld.de
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bestwebslinks.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.bestwebslinks.com/
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB1D1.tmp
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programme\Jetico\BestCrypt\BestCrypt.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v ... 3856314875
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/msnme ... loader.cab
    O23 - Service: CA License Client - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
    O23 - Service: CA License Server - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
    O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod Service - Unknown - C:\Programme\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Event Log Watch - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
    O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Programme\McAfee\CPD.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

    And here is the Silent Runners log as well, if it helps:
    "Silent Runners.vbs", revision 36, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "notepad.exe" = "msmsgs.exe" [null data]
    "paint.exe" = "shnlog.exe" [null data]
    "notepad2.exe" = "popuper.exe" [null data]
    "winlogon.exe" = "msole32.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" ["HP"]
    "hplampc" = "C:\WINDOWS\system32\hplampc.exe" ["Hewlett-Packard"]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "Smapp" = "C:\Programme\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
    "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "RegSvr32" = "C:\WINDOWS\system32\msmsgs.exe" [null data]
    "intell32.exe" = "C:\WINDOWS\system32\intell32.exe" [file not found]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hpB1D1.tmp" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
    "{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
    "{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"
    -> {CLSID}\InProcServer32\(Default) = "E:\Programme\Quintessential Player\QCDIcons.dll" [empty string]
    "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."]
    "{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
    -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2004\sdshelex.dll"" ["TuneUp Software GmbH"]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "E:\Programme\rpshell.dll" ["RealNetworks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Enabled Wallpaper and Active Desktop:
    -------------------------------------

    Active Desktop is disabled.

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Dokumente und Einstellungen\Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


    Startup items in "Family" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
    "BestCrypt Auto Open" -> shortcut to: "C:\Programme\Jetico\BestCrypt\BestCrypt.exe AutoOpen" ["Jetico, Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
    "{432A36D8-DBE9-44F1-A4C5-A8C53C1A891D}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{432A36D8-DBE9-44F1-A4C5-A8C53C1A891D}_FAMILIE_Family"" [MS]
    "{4D4DF068-920D-4AF3-98EA-2908E482D7C1}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{4D4DF068-920D-4AF3-98EA-2908E482D7C1}_FAMILIE_Family"" [MS]
    "{C27DA6D0-9685-4FAA-A8B6-39D4BCDBE157}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{C27DA6D0-9685-4FAA-A8B6-39D4BCDBE157}_FAMILIE_Family"" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\system32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 01 - 05, 11
    %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Konsole"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]

    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Mobilen Favoriten erstellen"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Mobilen Favoriten erstellen..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."]
    eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."]
    eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."]
    McAfee Firewall, McAfee Firewall, ""C:\Programme\McAfee\CPD.EXE" /SERVICE" ["Network Associates, Inc."]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]


    Keyboard Driver Filters:
    ------------------------

    HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
    "UpperFilters" = INFECTION WARNING! "mhk" ["Jetico, Inc."]


    ----------
    This report excludes default entries except where indicated.
    To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    ----------

  2. #2

    The HijackThis version used is not up to date!

    Check and fix if necessary:

    Code:
    C:\WINDOWS\popuper.exe 
    C:\WINDOWS\system32\msole32.exe 
    C:\WINDOWS\system32\intmonp.exe 
    C:\WINDOWS\system32\shnlog.exe 
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe 
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe 
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    Definitely fix:

    Code:
    C:\WINDOWS\system32\intmon.exe 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bestwebslinks.com/search.php?qq=%1 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bestwebslinks.com/bar.html 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bestwebslinks.com/search.php?qq=%1 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bestwebslinks.com/search.php?qq=%1 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bestwebslinks.com/search.php?qq=%1 
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bestwebslinks.com/search.php?qq=%1 
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB1D1.tmp
    Unnecessary:

    Code:
    O23 - Service: CA License Client - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) 
    O23 - Service: CA License Server - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) 
    O23 - Service: iPod Service - Unknown - C:\Programme\iPod\bin\iPodService.exe (file missing) 
    O23 - Service: Event Log Watch - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
    If I were you, I would also run AdAware or SpyBot over it.
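
The manual triage in post #2, sketched as an added example that is not part of the original thread: a small Python parser for HijackThis entries. The sample lines are taken from the log in post #1; the three heuristics and the `MIN_SHARED_HOST` threshold are assumptions for illustration, and the findings are candidates for manual review, not verdicts.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input assembled from lines of the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bestwebslinks.com/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bestwebslinks.com/search.php?qq=%1
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB1D1.tmp
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O23 - Service: CA License Client - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Programme\McAfee\CPD.EXE
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MIN_SHARED_HOST = 3  # assumption: this many IE values on one host is worth a look


def parse_entries(log_text):
    """Return (section, body) for each 'Xn - ...' line; header lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def url_host(value):
    """Host of an IE URL setting, or None for about: pages and empty values."""
    value = value.strip()
    if not value or value.lower().startswith("about:"):
        return None
    return urlparse(value if "://" in value else "http://" + value).hostname


def triage(log_text):
    """Group entries into 'redirect', 'bho' and 'stale' findings for manual review."""
    entries = parse_entries(log_text)
    ie_values = [(body, url_host(body.split(" = ", 1)[1]))
                 for sec, body in entries if sec in ("R0", "R1") and " = " in body]
    per_host = Counter(host for _, host in ie_values if host)
    findings = {"redirect": [], "bho": [], "stale": []}
    for body, host in ie_values:
        # Several start/search settings rewritten to the same host.
        if host and per_host[host] >= MIN_SHARED_HOST:
            findings["redirect"].append(body)
    for sec, body in entries:
        # Unnamed Browser Helper Object whose module is not a .dll file.
        if sec == "O2" and "(no name)" in body and not body.lower().endswith(".dll"):
            findings["bho"].append(body)
        # Service whose executable no longer exists on disk.
        if sec == "O23" and body.endswith("(file missing)"):
            findings["stale"].append(body)
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{kind:8} {item}")
```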

  3. #3
    Nikki

    Information about the trojan is available here:

    https://www.sophos.de/virusinfo/analyses/trojpuperd.html

    Best regards
    Nikki

  4. #4

    I've now tinkered a bit with Ad-Aware and Killbox, and it looks like I've eliminated everything.
    I'm no longer being annoyed by pop-ups, and my start page isn't changed either.
    I hope I got everything.

    Thanks for your help.

  5. #5

    Sure, no problem.

  6. #6

    I have this problem too. These hijackers!!

  7. #7
    El Supremo

    Your best bet is to run an up-to-date antivirus program as well as Ad-Aware over your computer. If you still have problems after that, post the HijackThis log file. A guide by Dirk on using HijackThis is available at: https://www.dirks-computerecke.de/hijack ... eitung.htm
