Dear experts: start page res://C:\WINDOWS\whpom.dll/sp.html#37049 !!

#0
20.06.2004, 00:41
...new here

Posts: 2
#1 Hello dear experts,

I can't get rid of this stupid start page any more, and ad pop-ups keep appearing. I tried to clean up with HijackThis and CWShredder, but the sh... keeps coming back. ADDGQ.EXE also looks suspicious to me;
I disabled it in MSCONFIG, but it re-enables itself every time at boot.
Also, something was changed in Office (new EULA in Word).

PLEASE, PLEASE HELP ME!!

Here is the HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 00:19:27, on 20.06.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\AVK8\AVKSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CD_LOAD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ADDGQ.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\EIGENE DATEIEN\VIRENSCAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = file:///C:/Eigene%20Dateien/Lipodystrophie%20-%20ambulante%20Behandlung%20mit%20bipolarer%20Hochfrequenzstrom-Liposuktion%20(Liposuction%20-%20Fettabsaugung).htm
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\ANWENDUNGSDATEN\SYSHC\SYSHC32.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMME\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [AvkServer] C:\PROGRA~1\AVK8\AvkServ.exe /systemstart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pif: C:\Programme\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
20.06.2004, 03:11
Member

Posts: 441
#2 Hello Nicki,
download SpHjfix.exe, and download mwav.exe here (http://www.mwti.net/antivirus/free_utilities.asp) and unpack it, then run kavupd.exe (online update).

Fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://whpom.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\whpom.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = file:///C:/Eigene%20Dateien/Lipodystrophie%20-%20ambulante%20Behandlung%20mit%20bipolarer%20Hochfrequenzstrom-Liposuktion%20(Liposuction%20-%20Fettabsaugung).htm
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\ANWENDUNGSDATEN\SYSHC\SYSHC32.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -

Then switch to safe mode and delete these files:
C:\WINDOWS\SYSTEM\CRFV.DLL
C:\WINDOWS\whpom.dll
C:\WINDOWS\SYSTEM\ADDGQ.EXE

Delete the Temporary Internet Files. Scan your system with SpHjfix.exe and mwav.exe. Reboot and post a new log file.
After that, be sure to update your system.
http://v4.windowsupdate.microsoft.com/de/default.asp
__________
The most valuable thing in life is time. Living means handling time properly.
Reinstalling the system / hardening! HJT guide
This post was edited by Cidre on 20.06.2004 at 03:13.
20.06.2004, 11:50
Honorary member
Avatar Sabina

Posts: 29434
#3 http://www.mwti.net/antivirus/free_utilities.asp
mwav.exe

AdAware free
http://www.lavasoft.de/

Uninstall your current virus scanner and download AntiVir.
http://www.free-av.de/

Download IE 6 and then update to IE 6 SP1
http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx

Download a2
http://www.emsisoft.de/de/software/free/

Then post the log again.

Best regards
Sabina
__________
Best regards, Sabina

all about PC security
This post was edited by Sabina on 20.06.2004 at 11:57.
22.06.2004, 22:35
...new here

Thread starter

Posts: 2
#4 Hello Cidre, hello Sabina,

I got my system working again with CIDRE's tips; attached are the log files once more for checking. I am eternally grateful to you both. Can you tell me how to avoid a reinfection, and what the best tools for that are? Unfortunately I still have analog Internet access. I do use F-Prot and update it regularly, but these scanners only help to a limited extent and always only afterwards, after an infection. What can I do so that this doesn't happen again??

mwavlog:
Tue Jun 22 20:56:43 2004 => **********************************************************
Tue Jun 22 20:56:43 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 22 20:56:44 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 22 20:56:44 2004 => **********************************************************
Tue Jun 22 20:56:44 2004 => Version 4.2.4
Tue Jun 22 20:56:44 2004 => Log File: C:\WINDOWS\TEMP\mwav.log
Tue Jun 22 20:56:44 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 22 20:56:47 2004 => AV Library Loaded...
Tue Jun 22 20:56:47 2004 => Scanning File C:\WINDOWS\TEMP\kavss.exe
Tue Jun 22 20:56:48 2004 => Scanning File C:\WINDOWS\TEMP\Getvlist.exe
Tue Jun 22 20:56:48 2004 => Scanning File C:\WINDOWS\TEMP\kavss.dll
Tue Jun 22 20:56:48 2004 => Scanning File C:\WINDOWS\TEMP\kavssdi.dll
Tue Jun 22 20:56:48 2004 => Scanning File C:\WINDOWS\TEMP\kavssi.dll
Tue Jun 22 20:56:49 2004 => Scanning File C:\WINDOWS\TEMP\kavvlg.dll
Tue Jun 22 20:56:49 2004 => Scanning File C:\WINDOWS\TEMP\msvlclnt.dll
Tue Jun 22 20:56:49 2004 => Scanning File C:\WINDOWS\TEMP\ipc.dll
Tue Jun 22 20:56:49 2004 => Scanning File C:\WINDOWS\TEMP\main.avi
Tue Jun 22 20:56:49 2004 => Scanning File C:\WINDOWS\TEMP\virus.avi
Tue Jun 22 20:56:49 2004 => Virus Database Date: 2004/06/20
Tue Jun 22 20:56:49 2004 => Virus Database Count: 95240
Tue Jun 22 20:58:55 2004 => Generating Virus List... getvlist.exe C:\WINDOWS\TEMP\vlist.txt
Tue Jun 22 21:02:56 2004 => AV Library Unloaded (3)...
Tue Jun 22 21:03:09 2004 => **********************************************************
Tue Jun 22 21:03:09 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 22 21:03:09 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 22 21:03:09 2004 => **********************************************************
Tue Jun 22 21:03:09 2004 => Version 4.2.4
Tue Jun 22 21:03:09 2004 => Log File: C:\WINDOWS\TEMP\mwav.log
Tue Jun 22 21:03:09 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 22 21:03:13 2004 => AV Library Loaded...
Tue Jun 22 21:03:13 2004 => Scanning File C:\WINDOWS\TEMP\kavss.exe
Tue Jun 22 21:03:13 2004 => Scanning File C:\WINDOWS\TEMP\Getvlist.exe
Tue Jun 22 21:03:13 2004 => Scanning File C:\WINDOWS\TEMP\kavss.dll
Tue Jun 22 21:03:13 2004 => Scanning File C:\WINDOWS\TEMP\kavssdi.dll
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\kavssi.dll
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\kavvlg.dll
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\msvlclnt.dll
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\ipc.dll
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\main.avi
Tue Jun 22 21:03:14 2004 => Scanning File C:\WINDOWS\TEMP\virus.avi
Tue Jun 22 21:03:14 2004 => Virus Database Date: 2004/06/20
Tue Jun 22 21:03:14 2004 => Virus Database Count: 95240
Tue Jun 22 21:03:20 2004 => AV Library Unloaded (3)...
Tue Jun 22 22:09:18 2004 => **********************************************************
Tue Jun 22 22:09:18 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 22 22:09:18 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 22 22:09:18 2004 => **********************************************************
Tue Jun 22 22:09:18 2004 => Version 4.2.4
Tue Jun 22 22:09:18 2004 => Log File: C:\WINDOWS\TEMP\mwav.log
Tue Jun 22 22:09:18 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 22 22:09:20 2004 => AV Library Loaded...
Tue Jun 22 22:09:20 2004 => Scanning File C:\WINDOWS\TEMP\kavss.exe
Tue Jun 22 22:09:20 2004 => Scanning File C:\WINDOWS\TEMP\Getvlist.exe
Tue Jun 22 22:09:20 2004 => Scanning File C:\WINDOWS\TEMP\kavss.dll
Tue Jun 22 22:09:20 2004 => Scanning File C:\WINDOWS\TEMP\kavssdi.dll
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\kavssi.dll
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\kavvlg.dll
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\msvlclnt.dll
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\ipc.dll
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\main.avi
Tue Jun 22 22:09:21 2004 => Scanning File C:\WINDOWS\TEMP\virus.avi
Tue Jun 22 22:09:21 2004 => Virus Database Date: 2004/06/20
Tue Jun 22 22:09:21 2004 => Virus Database Count: 95240

Tue Jun 22 22:09:49 2004 => **********************************************************
Tue Jun 22 22:09:49 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 22 22:09:49 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 22 22:09:49 2004 =>
Tue Jun 22 22:09:49 2004 => Support: support@mwti.net
Tue Jun 22 22:09:49 2004 => Web: http://www.mwti.net
Tue Jun 22 22:09:49 2004 => **********************************************************
Tue Jun 22 22:09:49 2004 => Version 4.2.4
Tue Jun 22 22:09:49 2004 => Log File: C:\WINDOWS\TEMP\mwav.log
Tue Jun 22 22:09:49 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.

Tue Jun 22 22:09:49 2004 => Options Selected by User:
Tue Jun 22 22:09:49 2004 => Memory Check: Enabled
Tue Jun 22 22:09:49 2004 => Registry Check: Enabled
Tue Jun 22 22:09:49 2004 => StartUp Folder Check: Enabled
Tue Jun 22 22:09:49 2004 => System Folder Check: Disabled
Tue Jun 22 22:09:49 2004 => System Area Check: Disabled
Tue Jun 22 22:09:49 2004 => Services Check: Enabled
Tue Jun 22 22:09:49 2004 => Drive Check Option Disabled
Tue Jun 22 22:09:49 2004 => Scanning Type: Scan And Clean
Tue Jun 22 22:09:49 2004 => Folder Check: Disabled

Tue Jun 22 22:09:49 2004 => ***** Scanning Memory Files *****
Tue Jun 22 22:09:49 2004 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\SYSTEM\MPREXE.EXE
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\SYSTEM\mmtask.tsk
Tue Jun 22 22:09:50 2004 => Scanning File C:\PROGRAMME\AVK8\AVKSERV.EXE
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\SYSTEM\MSTASK.EXE
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\EXPLORER.EXE
Tue Jun 22 22:09:50 2004 => Scanning File C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Tue Jun 22 22:09:51 2004 => Scanning File C:\PROGRAMME\WINAMP\WINAMPA.EXE
Tue Jun 22 22:09:51 2004 => Scanning File C:\WINDOWS\SYSTEM\PRINTRAY.EXE
Tue Jun 22 22:09:51 2004 => Scanning File C:\PROGRA~1\MICROS~2\SYSTEM\REMINDER.EXE
Tue Jun 22 22:09:51 2004 => Scanning File C:\WINDOWS\SYSTEM\SPOOL32.EXE
Tue Jun 22 22:09:52 2004 => Scanning File C:\WINDOWS\RunDLL.exe
Tue Jun 22 22:09:52 2004 => Scanning File C:\WINDOWS\SYSTEM\WMIEXE.EXE
Tue Jun 22 22:09:52 2004 => Scanning File C:\WINDOWS\TEMP\MWAVSCAN.COM
Tue Jun 22 22:09:53 2004 => Scanning File C:\WINDOWS\TEMP\KAVSS.EXE

Tue Jun 22 22:09:53 2004 => ***** Scanning Registry Files *****
Tue Jun 22 22:09:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 22 22:09:53 2004 => Scanning File c:\ati\gart\atigart.exe
Tue Jun 22 22:09:53 2004 => Scanning File C:\WINDOWS\SYSTEM\SysTray.Exe
Tue Jun 22 22:09:53 2004 => Scanning File C:\WINDOWS\RUNDLL32.EXE
Tue Jun 22 22:09:53 2004 => ERROR!!! Invalid Entry AtiCwd32 = Aticwd32.exe. Removing it.
Tue Jun 22 22:09:53 2004 => Scanning File C:\PROGRAMME\WINAMP\WINAMPa.exe
Tue Jun 22 22:09:53 2004 => Scanning File C:\WINDOWS\Rundll32.exe
Tue Jun 22 22:09:53 2004 => Scanning File C:\WINDOWS\SYSTEM\PrinTray.exe
Tue Jun 22 22:09:54 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 22 22:09:54 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 22 22:09:54 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 22 22:09:54 2004 => Scanning File C:\PROGRA~1\AVK8\AvkServ.exe
Tue Jun 22 22:09:54 2004 => Scanning File C:\WINDOWS\Rundll32.exe
Tue Jun 22 22:09:54 2004 => Scanning File C:\WINDOWS\SYSTEM\mstask.exe
Tue Jun 22 22:09:54 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 22 22:09:54 2004 => Scanning File C:\PROGRA~1\MICROS~2\SYSTEM\REMINDER.EXE
Tue Jun 22 22:09:54 2004 => Scanning File C:\WINDOWS\RunDLL.exe
Tue Jun 22 22:09:54 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 22 22:09:54 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 22 22:09:54 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 22 22:09:54 2004 => Scanning HKCR\txtfile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Tue Jun 22 22:09:54 2004 => Scanning HKCR\comfile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\exefile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\dllfile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\batfile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\piffile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\scrfile\shell\open\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\scrfile\shell\config\command
Tue Jun 22 22:09:54 2004 => Scanning HKCR\regfile\shell\open\command

Tue Jun 22 22:09:54 2004 => ***** Scanning INI Files *****
Tue Jun 22 22:09:54 2004 => looking for Run
Tue Jun 22 22:09:54 2004 => looking for Load
Tue Jun 22 22:09:54 2004 => looking for system.ini shell entry
Tue Jun 22 22:09:54 2004 => Scanning File C:\WINDOWS\Explorer.exe

Tue Jun 22 22:09:55 2004 => ***** Scanning StartUp Folders *****

Tue Jun 22 22:09:55 2004 => ***** Scanning C:\WINDOWS\Startmenü\Programme\Autostart Folder *****
Tue Jun 22 22:09:55 2004 => Scanning Folder: C:\WINDOWS\Startmenü\Programme\Autostart\*.*
Tue Jun 22 22:09:55 2004 => Scanning File C:\WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk

Tue Jun 22 22:09:55 2004 => ***** Scanning C:\WINDOWS\All Users\Startmenü\Programme\Autostart Folder *****
Tue Jun 22 22:09:55 2004 => Scanning Folder: C:\WINDOWS\All Users\Startmenü\Programme\Autostart\*.*

Tue Jun 22 22:09:55 2004 => ***** Scanning Service Files *****
Tue Jun 22 22:09:55 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Jun 22 22:09:55 2004 => Scanning File C:\WINDOWS\System32\Drivers\wdmfs.sys
Tue Jun 22 22:09:55 2004 => Scanning File C:\WINDOWS\SYSTEM\PSTORES.EXE

Tue Jun 22 22:09:55 2004 => ***** Scanning Important System Files *****
Tue Jun 22 22:09:55 2004 => Scanning File C:\WINDOWS\WINSOCK.DLL
Tue Jun 22 22:09:55 2004 => Scanning File C:\WINDOWS\wscript.exe
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSOCK.VXD
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSOCK2.VXD
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WS2THK.DLL
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSCTHUNK.DLL
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSASRV.EXE
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSOCK32.DLL
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\WSHTCP.VXD
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\wshom.ocx
Tue Jun 22 22:09:56 2004 => Scanning File C:\WINDOWS\SYSTEM\wshext.dll
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\SYSTEM\WS2_32.DLL
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\SYSTEM\WS2HELP.DLL
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\SYSTEM\wstdecod.dll
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\EXPLORER.SCF
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\EXPLORER.EXE
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\SYSTEM\KERNEL32.DLL
Tue Jun 22 22:09:57 2004 => Scanning File C:\WINDOWS\SYSTEM\NTDLL.DLL
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\SYSTEM\ADVAPI32.DLL
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\SYSTEM\USER32.DLL
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\SYSTEM\GDI32.DLL
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\COMMAND.COM
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\COMMAND.PIF
Tue Jun 22 22:09:58 2004 => Scanning File C:\WINDOWS\TASKMON.EXE

Tue Jun 22 22:09:58 2004 => ***** Checking for specific ITW Viruses *****
Tue Jun 22 22:09:58 2004 => Checking for Welchia Virus...
Tue Jun 22 22:09:58 2004 => Checking for LovGate Virus...
Tue Jun 22 22:09:58 2004 => Checking for CodeRed Virus...
Tue Jun 22 22:09:58 2004 => Checking for OpaServ Virus...
Tue Jun 22 22:09:59 2004 => Checking for Sobig.e Virus...
Tue Jun 22 22:09:59 2004 => Checking for Winupie Virus...
Tue Jun 22 22:09:59 2004 => Checking for Swen Virus...
Tue Jun 22 22:09:59 2004 => Checking for JS.Fortnight Virus...
Tue Jun 22 22:09:59 2004 => Checking for Novarg Virus...

Tue Jun 22 22:09:59 2004 => ***** Scanning complete. *****

Tue Jun 22 22:09:59 2004 => Total Number of Files Scanned: 57
Tue Jun 22 22:09:59 2004 => Total Number of Virus(es) Found: 0
Tue Jun 22 22:09:59 2004 => Total Number of Disinfected Files: 0
Tue Jun 22 22:09:59 2004 => Total Number of Files Renamed: 0
Tue Jun 22 22:09:59 2004 => Total Number of Deleted Files: 0
Tue Jun 22 22:09:59 2004 => Total Number of Errors: 1
Tue Jun 22 22:09:59 2004 => Time Elapsed: 00:00:09
Tue Jun 22 22:09:59 2004 => Virus Database Date: 2004/06/20
Tue Jun 22 22:09:59 2004 => Virus Database Count: 95240

Tue Jun 22 22:09:59 2004 => Scan Completed.

Tue Jun 22 22:11:46 2004 => Virus Database Date: 2004/06/20
Tue Jun 22 22:11:46 2004 => Virus Database Count: 95240
Tue Jun 22 22:11:55 2004 => AV Library Unloaded (3)...


Hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 22:27:54, on 22.06.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\AVK8\AVKSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\0190 ALARM\0190ALARM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\EIGENE DATEIEN\VIRENSCAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMME\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\RunServices: [AvkServer] C:\PROGRA~1\AVK8\AvkServ.exe /systemstart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pif: C:\Programme\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
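
The comparison the follow-up log in post #4 is posted for, as an added example that is not part of the thread: it parses two HijackThis logs and reports whether the entries on the fix list from post #2 are still present, and which running processes disappeared or appeared. The function names are this example's own, and the sample logs are shortened excerpts of the logs posted above.

```python
import re

# Shortened excerpts of the two logs in this thread (sample input for the example).
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\CD_LOAD.EXE
C:\WINDOWS\SYSTEM\ADDGQ.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
"""
AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\0190 ALARM\0190ALARM.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Mannesmann Arcor
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
# Part of the fix list from post #2.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whpom.dll/index.html#37049
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {042DD857-2571-DD87-35DB-88D316849E4D} - C:\WINDOWS\SYSTEM\CRFV.DLL
O4 - HKLM\..\RunServices: [ADDGQ.EXE] C:\WINDOWS\SYSTEM\ADDGQ.EXE
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
"""

# HijackThis entry lines start with a section code such as R0, F1, O2, O16.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Set of (code, body) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def parse_processes(log_text):
    """Lower-cased paths from the 'Running processes:' block (ends at a blank line)."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:
                break
            procs.add(line.lower())
    return procs

def compare(before, after, fix_list=""):
    b, a = parse_entries(before), parse_entries(after)
    pb, pa = parse_processes(before), parse_processes(after)
    return {
        "entries_removed": sorted(b - a),
        "entries_new": sorted(a - b),
        "fix_list_remaining": sorted(parse_entries(fix_list) & a),
        "processes_gone": sorted(pb - pa),
        "processes_new": sorted(pa - pb),
    }

if __name__ == "__main__":
    for key, values in compare(BEFORE, AFTER, FIX_LIST).items():
        print(f"{key}: {len(values)}")
        for v in values:
            print("   ", v)
```

An empty `fix_list_remaining` only shows that the listed entries are absent from the new log; entries and processes reported as new still need to be reviewed by hand.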
23.06.2004, 09:49
Honorary member
Avatar Sabina

Posts: 29434
#5 @nicki
1. Download IE 6 and then the IE 6 SP1 update
http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx
2. Then download Firefox as an alternative browser... it is hijacker-free
http://www.firebird-browser.de/
3. Uninstall your current virus scanner and install AntiVir... it has a guard in autostart 04
http://www.free-av.de/
4. Download a firewall... Sygate free... at the very bottom of the site
http://www.sygate.de/
5. Download a2
http://www.emsisoft.de/de/software/free/
6. AdAware free
http://www.lavasoft.de/

7. You must uninstall mwav.exe after 30 days

8. Install all Win98 updates

Best regards
Sabina
__________
Best regards, Sabina

all about PC security
This post was edited by Sabina on 23.06.2004 at 09:49.