hallo! ich wurde auch von diesem problem befallen bitte helft mir!!!!
hier mein hijackfile:
Scan saved at 16:02:43, on 27.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Generic\USB Card Reader\Disk_Monitor.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Programme\1&1 Programme\cFos\cFosDNT.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Office Mouse\moffice.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System\wininet.exe
C:\Programme\Office Mouse\MOUSE32A.DAT
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\neo\LOKALE~1\Temp\Rar$EX01.770\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-2003.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sharempeg.com/find/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hdgjpea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\msxslab.dll
O2 - BHO: (no name) - {69530233-13A8-4D52-BDC4-79F0654C717B} - C:\WINDOWS\System32\hdgjpea.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\Generic\USB Card Reader\Disk_Monitor.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Office Mouse\moffice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wininet.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: PopUpKiller - Fenster immer schließen (HKLM)
O9 - Extra button: PopUpKiller - Fenster nie schließen (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MedionShop (HKCU)
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37703.0985185185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
dankeschön im voraus!
gruß neo
neo Gast |
