Naupoint Problem

RaiPri · 17.11.2004, 14:07

Brauche Eure Hilfe,
habe mir vor Tagen die Naupoint Toolbar eingefangen und bekomme sie nicht mehr von meinem System entfernt.
Was kann ich tun?
Rainer

Logfile of HijackThis v1.98.2
Scan saved at 13:02:58, on 17.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WinFax\WFXCTL32.EXE
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\FRITZ!\FriFon32.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=...hl=de&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://hp.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://hp.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hp.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://hp.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://hp.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://hp.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [delicon] C:\Windows\delicon.bat
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [CfgDownload] C:\Programme\IXOS\IXOS-eCONtext\bin\CfgDownload.exe
O4 - HKLM\..\Run: [JREUserConfig] C:\Programme\JavaSoft\jreconf.EXE
O4 - HKLM\..\Run: [UKonfMP] C:\Programme\Windows Media Player\usersett.exe
O4 - HKLM\..\Run: [uregkeys] C:\Windows\uregkeys.bat
O4 - HKLM\..\Run: [NaimAgent_UI] C:\Programme\ePO-Agent\naimag32.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunOnce: [1C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\pft1~tmp\] C:\WINDOWS\System32\CMD /C RMDIR /s /q C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pft1~tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Controller.LNK = C:\Programme\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken 2004 Zahlungserinnerung.lnk = C:\Programme\Quicken2004\billmind.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098969802375
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.power-url.de/StarInstall.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB78E1BC-509E-4D91-8E31-C1D37036913E}: NameServer = 217.237.150.141 217.237.150.97
O21 - SSODL: eplrr9 - {A1D132E2-0641-4D28-B933-34514718D54C} - C:\WINDOWS\System32\eplrr9.dll

17.11.2004, 17:43

Scanne mal hiermit im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html

Wo wird was gefunden?

Danach poste ein neues HijackThis-Log.

17.11.2004, 17:43	#2
Christian Gast	Naupoint Problem Scanne mal hiermit im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html Wo wird was gefunden? Danach poste ein neues HijackThis-Log. __________________

Naupoint Problem

Log-Analyse und Auswertung: Naupoint Problem

Naupoint Problem

Naupoint Problem

Ähnliche Themen: Naupoint Problem