|
res://C:\WINDOWS\SYSTEM\SHDOCLC.DLL/dnserror.htm#http://searchmiracle.com/ads/ad.php? Hallo, das nervige popup Fenster von searchmiracle.com erscheint nun auch immer wieder auf meinem Desktop ohne im Internet zu sein, wer kann hier bitte helfen? hier meine aktuelle Logfile: Logfile of HijackThis v1.99.0 Scan saved at 13:35:38, on 15.02.05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\ELITERRM32.EXE C:\WINDOWS\MSNMSGQ.EXE C:\PROGRAMME\HP\HPCORETECH\HPCMPMGR.EXE C:\PROGRAMME\HP SOFTWARE UPDATE\HPWUSCHD.EXE C:\WINDOWS\ANWENDUNGSDATEN\LOAC.EXE C:\WINDOWS\SYSTEM\DSADRY.EXE C:\PROGRAMME\DIGITAL IMAGING\BIN\HPQTRA08.EXE C:\PROGRAMME\BHODEMON 2\BHODEMON.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\WINOA386.MOD C:\EIGENE DATEIEN\HIJACKTHIS.EXE C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\WINOA386.MOD R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITERRM32.EXE O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAMME\HP\HPCORETECH\HPCMPMGR.EXE" O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [mwavscan] "C:\WINDOWS\TEMP\MWAVSCAN.COM" /s O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe O4 - HKCU\..\Run: [Saha] C:\WINDOWS\Anwendungsdaten\loac.exe O4 - HKCU\..\Run: [Kvzendpj] C:\WINDOWS\SYSTEM\dsadry.exe O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Digital Imaging\bin\hpqtra08.exe O4 - Startup: BHODemon 2.0.lnk = C:\Programme\BHODemon 2\BHODemon.exe O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/ O15 - Trusted IP range: (HKLM) O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\PROGRAMME\HAUFE\HAUFEREADER\HRINSTMON.DLL O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAMME\HP\HPCORETECH\COMP\HPUIPROT.DLL Danke im voraus! Tommi |
Hallo, mach bitte einen escan im abgesicherten Modus und gehe dazu nach Anleitung vor: http://www.trojaner-board.de/42731-escan-anleitung.html Poste dann welche Viren gefunden werden! Gruss Edit:Bleib bitte bei einem Thread! |
Zitat:
hier die Virusliste von escan, was wäre zu entfernen? Danke! File C:\WINDOWS\SYSTEM\ELITERRM32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken File C:\WINDOWS\msnmsgq.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: No Action Taken File C:\WINDOWS\msexploren.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken File C:\WINDOWS\Anwendungsdaten\loac.exe infected by "not-a-virus:AdWare.PurityScan.v" Virus. Action Taken: No Action Taken File C:\WINDOWS\internet.exe infected by "Trojan-Downloader.Win32.Small.or" Virus. Action Taken: No Action Taken File C:\WINDOWS\shch.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\_A.exe infected by "Trojan.Win32.Dialer.u" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.bj" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\ltwin32.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\fpe.dll infected by "Trojan.Win32.StartPage.qv" Virus. Action Taken: No Action Taken File C:\WINDOWS\TEMPOR~1\CONTENT.IE5\KGLPQCQ4\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\_A.exe infected by "Trojan.Win32.Dialer.u" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.bj" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\ltwin32.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken File C:\WINDOWS\SYSTEM\fpe.dll infected by "Trojan.Win32.StartPage.qv" Virus. Action Taken: No Action Taken File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken File C:\WINDOWS\Temporary Internet Files\Content.IE5\KGLPQCQ4\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: No Action Taken File C:\WINDOWS\EliteToolBar\EliteToolBar.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken File C:\WINDOWS\internet.exe infected by "Trojan-Downloader.Win32.Small.or" Virus. Action Taken: No Action Taken File C:\WINDOWS\shch.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken File C:\Eigene Dateien\backups\backup-20050215-104416-326.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken File C:\soft.exe infected by "Trojan-Downloader.Win32.Agent.cs" Virus. Action Taken: No Action Taken File C:\updlog.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken |
Mit Format c: geht das am Besten :daumenhoc Du hast einen Backdoor drauf von daher bleibt dir auch nichts anderes übrig,dazu auch http://trojaner-board.de/showthread.php?t=12154 Gruss |
Danke, dann werd ich mal anfangen. Gruss |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 18:55 Uhr. |
Copyright ©2000-2025, Trojaner-Board