problem mit einem hijacker.brauche hilfe

08.08.2005, 18:35

hab mal wieder probleme mit einem hijacker o.ä.

hier mal mein hijackthis log file:
Logfile of HijackThis v1.99.0
Scan saved at 21:15:51, on 07.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\McAfee\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 6.exe
C:\WINDOWS\system32\hplampc.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Jetico\BestCrypt\BCResident.exe
C:\WINDOWS\system32\shnlog.exe
C:\Programme\McAfee\CPD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Benjamin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bestwebslinks.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = leben.vr-networld.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.bestwebslinks.com/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB1D1.tmp
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 6.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programme\Jetico\BestCrypt\BestCrypt.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v ... 3856314875
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/msnme ... loader.cab
O23 - Service: CA License Client - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.e xe (file missing)
O23 - Service: CA License Server - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd. exe (file missing)
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Unknown - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Event Log Watch - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.e xe (file missing)
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Programme\McAfee\CPD.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

und noch silentrunners log wenns hilft:
"Silent Runners.vbs", revision 36, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [null data]
"paint.exe" = "shnlog.exe" [null data]
"notepad2.exe" = "popuper.exe" [null data]
"winlogon.exe" = "msole32.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb 06.exe" ["HP"]
"hplampc" = "C:\WINDOWS\system32\hplampc.exe" ["Hewlett-Packard"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Smapp" = "C:\Programme\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"RegSvr32" = "C:\WINDOWS\system32\msmsgs.exe" [null data]
"intell32.exe" = "C:\WINDOWS\system32\intell32.exe" [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hpB1D1.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."]
"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\Quintessential Player\QCDIcons.dll" [empty string]
"{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {CLSID}\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2004\sdshelex.dll"" ["TuneUp Software GmbH"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1 .bmp"

Startup items in "Family" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BestCrypt Auto Open" -> shortcut to: "C:\Programme\Jetico\BestCrypt\BestCrypt.exe AutoOpen" ["Jetico, Inc."]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"{432A36D8-DBE9-44F1-A4C5-A8C53C1A891D}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{432A36D8-DBE9-44F1-A4C5-A8C53C1A891D}_FAMILIE_Family"" [MS]
"{4D4DF068-920D-4AF3-98EA-2908E482D7C1}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{4D4DF068-920D-4AF3-98EA-2908E482D7C1}_FAMILIE_Family"" [MS]
"{C27DA6D0-9685-4FAA-A8B6-39D4BCDBE157}_FAMILIE_Family" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{C27DA6D0-9685-4FAA-A8B6-39D4BCDBE157}_FAMILIE_Family"" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\inetrepl.dll" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."]
eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."]
eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."]
McAfee Firewall, McAfee Firewall, ""C:\Programme\McAfee\CPD.EXE" /SERVICE" ["Network Associates, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E 96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "mhk" ["Jetico, Inc."]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

09.08.2005, 07:48

Das verwendete Hijckthis ist nicht aktuell!

Überprüfen und ggf. Fixen:

Code:

C:\WINDOWS\popuper.exe 
C:\WINDOWS\system32\msole32.exe 
C:\WINDOWS\system32\intmonp.exe 
C:\WINDOWS\system32\shnlog.exe 
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe 
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe 
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx

Auf jedenfall Fixen:

Code:

C:\WINDOWS\system32\intmon.exe 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bestwebslinks.com/search.php?qq=%1 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bestwebslinks.com/bar.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bestwebslinks.com/search.php?qq=%1 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bestwebslinks.com/search.php?qq=%1 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bestwebslinks.com/search.php?qq=%1 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bestwebslinks.com/search.php?qq=%1 
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB1D1.tmp

Unnötig:

Code:

O23 - Service: CA License Client - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) 
O23 - Service: CA License Server - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) 
O23 - Service: iPod Service - Unknown - C:\Programme\iPod\bin\iPodService.exe (file missing) 
O23 - Service: Event Log Watch - Unknown - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)

An deiner Stelle würde ich noch AdAware oder SpyBot drüber jagen.

09.08.2005, 12:40

Hier gibt es Informationen zu dem Trojaner:

https://www.sophos.de/virusinfo/analyses/trojpuperd.html

Schöne Grüße
Nikki

09.08.2005, 17:12

hab jetzt mal ein wenig mit adaware und killbox rumgetueftelt udn es scheint so als hab ich alles eleminiert.

ich werde weder von popups genervt noch ist meine startseite verstellt.
hoff mal ich hab alles erwischt.

danke fuer eure hilfe

10.08.2005, 07:12

Jo bitte kein Problem.

23.08.2005, 22:28

Ich habe auch dieses Problem. Diese Hijackers!!

24.08.2005, 17:58

lass am besten ein aktuelles virenprogramm sowie ad-aware über deinen rechner laufen. wenn du danach immernoch probleme hast, poste am besten die logfile von hijackthis. eine anleitung von dirk im umgang mit hijackthis gibts unter: https://www.dirks-computerecke.de/hijack ... eitung.htm

problem mit einem hijacker.brauche hilfe

problem mit einem hijacker.brauche hilfe

Ähnliche Themen

XP Boot Problem! Brauche Hilfe!

Problem von einem Nixchecker mit win7

Bräuchte Hilfe bei einem HijackThis-Logfile

Hilfe! Bitte um Problemlösung gegen Hijacker

Problem bei DVD-Brenner und CD-Laufwerk in einem PC

Benutzer, die dieses Thema gelesen haben: 0