Trojaner und kein Programm hilft!!! Hilfe!

freund · 23.07.2004, 14:40

Hallo,

beim surfen durchs Internet öffnet sich immer ein Pop-Up (wahrscheinlich über active-c) mit dem Hinweis "Sicherheitswarnung" und ich werde gefragt ob ich xfullgames.exe von 64.158.165.147 downloaden möchte. Weiterer Ablauf: ich drücke "nein" -> neues Pop-Up mit der Aufforderung "Yes" zu drücken -> ich drücke "ok" -> erstes Pop-Up erscheint erneut -> ich drücke "nein" -> Das Programm fragt mich wohin ich das Programm installieren möchte -> ich drücke "Abbrechen".

Habe schon ad-aware, spybot, escan laufen lassen, jedoch ohne Erfolg. Wer kann mir dabei helfen mich von diesem echt nervigen Trojaner?! zu befreien?

Viele Grüße

23.07.2004, 15:46

Hmm, würde mich echt interessieren, auf welchen Seiten ich das Teilchen downloaden kann.

Bitte poste einmal dein HijackThis-Log.

freund · 23.07.2004, 16:00

Logfile of HijackThis v1.98.0
Scan saved at 17:00:37, on 23.07.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HOOKSYS.EXE
C:\PROGRAMME\SECRETMAKER\SECRETMAKER.EXE
C:\PROGRAMME\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = abou: blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about: blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about: blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\SYSTEM\smiehlp.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [HookSys] HookSys.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAPItest] CAPItest.EXE /q
O4 - Startup: SECRETMAKER.lnk = C:\Programme\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - C:\Programme\Preispiraten\preispiraten.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Preispiraten 2.1.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O12 - Plugin for .de/handel/einzelhandel/tarifinformationen/uebersicht_der_angebote_lohn__gehalt_und_ausbildungsverguetungen_-_tv-einzelhandel_2003_: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://64.158.165.147/060570/de/fullgames/fullgames.exe

23.07.2004, 17:07

Abgesicherter Modus und dies fixen:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = abou: blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about: blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about: blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\SYSTEM\smiehlp.dll (file missing)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB

Hier liegt dein Problem - Dialer!
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://64.158.165.147/060570/de/fullgames/fullgames.exe

Solltest du diese Seite nicht kennen, bitte ebenfalls fixen:
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com

Ich gehe davon aus, dass du diese nicht gewollt sind, oder?

Es empfiehlt sich außerdem, dass du ein Anti-Viren-Programm einsetzt. www.free-av.de ist ein deutschsprachiger, kostenloser Scanner.
Es wäre auch ratsam den Browser zu wechseln: schnell, sicher und kostenlos: www.firefox-browser.de

willscarlett · 28.09.2004, 14:01

hallo, selbes problem, gottseidank nur beim icq benutzen... den IE benutz ich gar nicht mehr...
also, hier mal ein HJT.Log, ich kenne mich damit aber nicht aus...

Logfile of HijackThis v1.98.2
Scan saved at 15:05:40, on 28.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Cherry\KeyMan\KeyMan.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\MOZILLA FIREFOX 0.9\FIREFOX.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
D:\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pyuqse.t.muxa.cc/h.php?aid=20605 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pyuqse.t.muxa.cc/h.php?aid=20605 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online.de/service/redir/tosw5_internet.htm
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CherryKeyMan] C:\Programme\Cherry\KeyMan\KeyMan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Tools\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: Microsoft® JavaScript® Console - {13627BD1-2F85-4C6C-AFB7-320C3F7AA355} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {13627BD1-2F85-4C6C-AFB7-320C3F7AA355} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: (no name) - {2AB020CF-DF45-469B-A43A-E7132348E4C4} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {3EB75A4B-087F-4243-8394-94AB716D7E16} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {4F34F6D9-8AF9-4FC4-8222-EE39AB16E0B8} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {4F34F6D9-8AF9-4FC4-8222-EE39AB16E0B8} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: (no name) - {7990F95A-AA20-4014-AB57-0EB23EDC30AB} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {964EF650-1F35-42A1-A305-B479FAE9E672} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {964EF650-1F35-42A1-A305-B479FAE9E672} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {B02D4FA0-BF37-480A-BFD1-BB4CA46A6824} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {B02D4FA0-BF37-480A-BFD1-BB4CA46A6824} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Tools\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {E0CBF1D9-17D1-4726-B9AF-969D018A54A8} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {E0CBF1D9-17D1-4726-B9AF-969D018A54A8} - C:\WINDOWS\System32\COMDLG32.OCX
O9 - Extra button: (no name) - {4F34F6D9-8AF9-4FC4-8222-EE39AB16E0B8} - (no file) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {964EF650-1F35-42A1-A305-B479FAE9E672} - (no file) (HKCU)
O9 - Extra button: (no name) - {B02D4FA0-BF37-480A-BFD1-BB4CA46A6824} - (no file) (HKCU)
O9 - Extra button: (no name) - {E0CBF1D9-17D1-4726-B9AF-969D018A54A8} - (no file) (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096307016253
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://64.158.165.147/060570/de/fullgames/fullgames.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{42490CE0-2990-4414-A5EB-356438E7F06E}: NameServer = 217.237.151.225 217.237.150.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{42490CE0-2990-4414-A5EB-356438E7F06E}: NameServer = 217.237.151.225 217.237.150.225

warte auf hiiiillllffeeeee

28.09.2004, 18:46

@willscarlett

Fixe mit HijackThis dies:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pyuqse.t.muxa.cc/h.php?aid=20605 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pyuqse.t.muxa.cc/h.php?aid=20605 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pyuqse.t.muxa.cc/s.php?aid=20605 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no
file)
O9 - Extra button: (no name) - {4F34F6D9-8AF9-4FC4-8222-EE39AB16E0B8} - (no file) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {964EF650-1F35-42A1-A305-B479FAE9E672} - (no file) (HKCU)
O9 - Extra button: (no name) - {B02D4FA0-BF37-480A-BFD1-BB4CA46A6824} - (no file) (HKCU)
O9 - Extra button: (no name) - {E0CBF1D9-17D1-4726-B9AF-969D018A54A8} - (no file) (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1096307016253
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://64.158.165.147/060570/de/fullgames/fullgames.exe

Die fullgames.exe evtl. auf einer Diskette bezügl. Beweissicherung speichern. Es handelt sich um einen illegalen Dialer.

Was ist mit diesem:

O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com

Bewusst eingetragen? Ansonsten fixe dies auch.

23.07.2004, 15:46	#2
Christian Gast	Trojaner und kein Programm hilft!!! Hilfe! Hmm, würde mich echt interessieren, auf welchen Seiten ich das Teilchen downloaden kann. Bitte poste einmal dein HijackThis-Log. __________________

Trojaner und kein Programm hilft!!! Hilfe!

Plagegeister aller Art und deren Bekämpfung: Trojaner und kein Programm hilft!!! Hilfe!