Dear experts: start page res://C:\WINDOWS\whpom.dll/sp.html#37049 !!
#0
20.06.2004, 00:41
...new here
Posts: 2
20.06.2004, 03:11
Member
Posts: 441
#2
Hello Nicki,
download SpHjfix.exe and, from here (http://www.mwti.net/antivirus/free_utilities.asp), mwav.exe and unpack it, then run kavupd.exe (online update).
Fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = file:///C:/Eigene%20Dateien/Lipodystrophie%20-%20ambulante%20Behandlung%20mit%20bipolarer%20Hochfrequenzstrom-Liposuktion%20(Liposuction%20-%20Fettabsaugung).htm
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\ANWENDUNGSDATEN\SYSHC\SYSHC32.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -
Then switch to safe mode and delete these files:
C:\WINDOWS\SYSTEM\CRFV.DLL
C:\WINDOWS\whpom.dll
C:\WINDOWS\SYSTEM\ADDGQ.EXE
Delete the Temporary Internet Files.
Scan your system with SpHjfix.exe and mwav.exe.
Reboot and post a new log file.
After that, be sure to update your system.
http://v4.windowsupdate.microsoft.com/de/default.asp
__________
The most valuable thing in life is time. Living means handling time properly.
Reinstalling the system/hardening!
HJT guide
This post was edited by Cidre on 20.06.2004 at 03:13.
20.06.2004, 11:50
Honorary member
Posts: 29434
#3
http://www.mwti.net/antivirus/free_utilities.asp
mwav.exe
AdAware free http://www.lavasoft.de/
Uninstall your current virus scanner and download Antivir. http://www.free-av.de/
Download IE 6 and then update to IE 6 SP1 http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx
Download a2 http://www.emsisoft.de/de/software/free/
Then post the log again.
Regards, Sabina
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 20.06.2004 at 11:57.
22.06.2004, 22:35
...new here
Thread starter
Posts: 2
#4
Hello Cidre, hello Sabina,
I got my system working again with CIDRE's tips; attached are the log files once more for checking. I am infinitely grateful to you both. Can you tell me how I can avoid a reinfection, and what the best tools for that are? Unfortunately I still have analog Internet access. I do use F-prot and also update it regularly, but these scanners only help to a limited extent and always only afterwards, after an infection. What can I do so that this doesn't happen again??
Hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 22:27:54, on 22.06.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\AVK8\AVKSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\0190 ALARM\0190ALARM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\EIGENE DATEIEN\VIRENSCAN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMME\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [AvkServer] C:\PROGRA~1\AVK8\AvkServ.exe /systemstart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pif: C:\Programme\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
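Added example, not part of any post in this thread: a Python sketch that parses HijackThis entry lines, applies a few triage heuristics, and compares a before and an after log to check that the flagged entries are gone. The heuristics and function names are assumptions of this example, not HijackThis's own logic; the sample lines are excerpts from the two logs posted in this thread.

```python
import re

# Entry lines look like "<code> - <body>", e.g. "O4 - HKCU\..\Run: [Cydoor] CD_Load.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the log saved on 20.06.04 (before cleanup).
BEFORE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\SYSTEM\ADDGQ.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Excerpt of the log saved on 22.06.04 (after cleanup).
AFTER = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

def parse_entries(log_text):
    """Return [(code, body)]; header and running-process lines do not match."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Flag entries for manual review (heuristics assumed for this example)."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and "= res://" in body:
            findings.append((code, body, "IE page setting points into a DLL resource"))
        elif code == "F1":
            findings.append((code, body, "legacy win.ini autostart (load=/run=)"))
        elif code == "O2" and body.endswith("(file missing)"):
            findings.append((code, body, "BHO registered but its DLL is absent"))
        elif code == "O16" and body.endswith("} -"):
            findings.append((code, body, "ActiveX control without a source URL"))
    return findings

def disappeared(before_log, after_log):
    """Every entry present in the first log but not in the second."""
    after = set(parse_entries(after_log))
    return [e for e in parse_entries(before_log) if e not in after]

def still_flagged(before_log, after_log):
    """Flagged entries from the first log that survive in the second."""
    after = set(parse_entries(after_log))
    return [f for f in triage(parse_entries(before_log)) if f[:2] in after]

if __name__ == "__main__":
    for code, body, reason in triage(parse_entries(BEFORE)):
        print(f"REVIEW {code}: {reason}\n       {body}")
    print("entries gone after cleanup:", len(disappeared(BEFORE, AFTER)))
    print("flagged entries still present:", len(still_flagged(BEFORE, AFTER)))
```

The diff also lists entries the heuristics do not flag, such as the ADDGQ.EXE and Cydoor autostarts and the CRFV.DLL BHO from Cidre's fix list, which is why the pattern check only narrows the log down and does not replace reading it.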
23.06.2004, 09:49
Honorary member
Posts: 29434
#5
@nicki
1. Download IE 6 and then the IE 6 SP1 update http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx
2. Then download Firefox as an alternative browser... it is hijacker-free http://www.firebird-browser.de/
3. Uninstall your current virus scanner and install Antivir... it has a guard in the autostart 04 http://www.free-av.de/
4. Download a firewall... Sygate free... at the very bottom of the site http://www.sygate.de/
5. Download a2 http://www.emsisoft.de/de/software/free/
6. AdAware free http://www.lavasoft.de/
7. You have to uninstall mwav.exe after 30 days
8. Install all updates for Win98
Regards, Sabina
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 23.06.2004 at 09:49.
I can't get rid of the stupid start page any more, and advertising pop-ups keep appearing as well. I tried to clean up with HijackThis and CWShredder, but the cr... keeps coming back. ADDGQ.EXE also looks suspicious to me: I disabled it in MSCONFIG, but it reactivates itself every time at boot.
In addition, something was changed in Office (new EULA in Word).
PLEASE, PLEASE HELP ME!!
Here is the HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 00:19:27, on 20.06.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\AVK8\AVKSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CD_LOAD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ADDGQ.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\EIGENE DATEIEN\VIRENSCAN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = file:///C:/Eigene%20Dateien/Lipodystrophie%20-%20ambulante%20Behandlung%20mit%20bipolarer%20Hochfrequenzstrom-Liposuktion%20(Liposuction%20-%20Fettabsaugung).htm
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\ANWENDUNGSDATEN\SYSHC\SYSHC32.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMME\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [AvkServer] C:\PROGRA~1\AVK8\AvkServ.exe /systemstart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pif: C:\Programme\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB