Trojaner-Board - res://C:\WINDOWS\SYSTEM\SHDOCLC.DLL/dnserror.htm#http://searchmiracle.com/ads/ad.php?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - res://C:\WINDOWS\SYSTEM\SHDOCLC.DLL/dnserror.htm#http://searchmiracle.com/ads/ad.php? (https://www.trojaner-board.de/13849-res-c-windows-system-shdoclc-dll-dnserror-htm-http-searchmiracle-com-ads-ad-php.html)

res://C:\WINDOWS\SYSTEM\SHDOCLC.DLL/dnserror.htm#http://searchmiracle.com/ads/ad.php?

Hallo,

das nervige popup Fenster von searchmiracle.com erscheint nun auch immer wieder auf meinem Desktop ohne im Internet zu sein, wer kann hier bitte helfen? hier meine aktuelle Logfile:

Logfile of HijackThis v1.99.0
Scan saved at 13:35:38, on 15.02.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ELITERRM32.EXE
C:\WINDOWS\MSNMSGQ.EXE
C:\PROGRAMME\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAMME\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\ANWENDUNGSDATEN\LOAC.EXE
C:\WINDOWS\SYSTEM\DSADRY.EXE
C:\PROGRAMME\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAMME\BHODEMON 2\BHODEMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\EIGENE DATEIEN\HIJACKTHIS.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITERRM32.EXE
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAMME\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\WINDOWS\TEMP\MWAVSCAN.COM" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Saha] C:\WINDOWS\Anwendungsdaten\loac.exe
O4 - HKCU\..\Run: [Kvzendpj] C:\WINDOWS\SYSTEM\dsadry.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Programme\BHODemon 2\BHODemon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O15 - Trusted IP range: (HKLM)
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\PROGRAMME\HAUFE\HAUFEREADER\HRINSTMON.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAMME\HP\HPCORETECH\COMP\HPUIPROT.DLL

Danke im voraus!

Tommi

Hallo,

mach bitte einen escan im abgesicherten Modus und gehe dazu nach Anleitung vor: http://www.trojaner-board.de/42731-escan-anleitung.html

Poste dann welche Viren gefunden werden!

Gruss

Edit:Bleib bitte bei einem Thread!

Zitat:

Zitat von HerrKautz

Hallo,

hier die Virusliste von escan, was wäre zu entfernen? Danke!

File C:\WINDOWS\SYSTEM\ELITERRM32.EXE infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken
File C:\WINDOWS\msnmsgq.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: No Action Taken
File C:\WINDOWS\msexploren.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken
File C:\WINDOWS\Anwendungsdaten\loac.exe infected by "not-a-virus:AdWare.PurityScan.v" Virus. Action Taken: No Action Taken
File C:\WINDOWS\internet.exe infected by "Trojan-Downloader.Win32.Small.or" Virus. Action Taken: No Action Taken
File C:\WINDOWS\shch.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\_A.exe infected by "Trojan.Win32.Dialer.u" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.bj" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\ltwin32.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\fpe.dll infected by "Trojan.Win32.StartPage.qv" Virus. Action Taken: No Action Taken
File C:\WINDOWS\TEMPOR~1\CONTENT.IE5\KGLPQCQ4\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\_A.exe infected by "Trojan.Win32.Dialer.u" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.bj" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\ltwin32.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken
File C:\WINDOWS\SYSTEM\fpe.dll infected by "Trojan.Win32.StartPage.qv" Virus. Action Taken: No Action Taken
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken
File C:\WINDOWS\Temporary Internet Files\Content.IE5\KGLPQCQ4\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: No Action Taken
File C:\WINDOWS\EliteToolBar\EliteToolBar.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken
File C:\WINDOWS\internet.exe infected by "Trojan-Downloader.Win32.Small.or" Virus. Action Taken: No Action Taken
File C:\WINDOWS\shch.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: No Action Taken
File C:\Eigene Dateien\backups\backup-20050215-104416-326.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken
File C:\soft.exe infected by "Trojan-Downloader.Win32.Agent.cs" Virus. Action Taken: No Action Taken
File C:\updlog.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken

Mit Format c: geht das am Besten :daumenhoc

Du hast einen Backdoor drauf von daher bleibt dir auch nichts anderes übrig,dazu auch http://trojaner-board.de/showthread.php?t=12154

Gruss

Danke,

dann werd ich mal anfangen.

Gruss