Hello,
I've been hit. Attached is a HijackThis log of a Chinese site that has no morals; it wiped out my usual start page. Who can take a look at this and please, please help me get rid of this devil?
???
Thanks in advance for your help
Hans
Logfile of HijackThis v1.98.2
Scan saved at 8:10:55 PM, on 10/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9NNZ9PCE\HijackThis19802[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.woogood.com/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.woogood.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.woogood.com/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.woogood.com/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.woogood.com/serch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woogood.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.woogood.com/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.woogood.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.woogood.com/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.woogood.com/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.woogood.com/serch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woogood.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.woogood.com/serch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.woogood.com/serch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.woogood.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.woogood.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.woogood.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: (no name) - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WlN32] regedit -s C:\$NtUninstallQ887678$\WINSYS.cer
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\RunOnce: [WlN32] C:\$NtUninstallQ887678$\WINSYS.vbs
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ887678$\WINSYS.cer
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096361771216
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43EDBC30-F166-4B8B-ADBB-C4A828FDA6BA}: NameServer = 202.96.209.6 202.96.209.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{43EDBC30-F166-4B8B-ADBB-C4A828FDA6BA}: NameServer = 202.96.209.6 202.96.209.133
hans m. huegel, Guest