Start page keeps changing (www.buldog-search.com)
#0
21.01.2005, 20:09
...new here
Posts: 1
23.01.2005, 22:33
Honorary member
Posts: 29434
#2
Hello @slash15
Start < Run < regedit
The registry opens; look for the following keys:

<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
delete: v3cab
<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
delete: C:/WINDOWS/Downloaded Program Files/v3.dll
<HKEY_LOCAL_MACHINE\SOFTWARE\
delete: backup\EliteToolBar
<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
delete: {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
delete: {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
<HKEY_LOCAL_MACHINE\SOFTWARE\
delete: Elitum\EliteToolBar

Edit --> Find --> paste in each of the following and delete everything you find:
HUdmjmú"ü‰üžigÝY
¢‰¸K0ÔÁß]§ú"ü‰üžigÝ
qqbdy.exe
istsvc.exe
IST Service

#Open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Restart the PC

Uninstall Antivirus and ZoneAlarm --> they are infected

#Hoster tool: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

#eScan trial
http://www.mwti.net/antivirus/escan/escandl_antivirus.asp (15-day free trial version)

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot, and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" on the last one

C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\RECYCLER\Desktop.ini
C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
C:\windows\system32\taskmgn.exe
C:\WINDOWS\System32\letsroll.exe
C:\WINDOWS\System32\securer\syshost.exe
C:\windows\system32\WinUpdate.exe
C:\WINDOWS\qqbdy.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\WINDOWS\qqbdy.exe
C:\Programme\ISTsvc\istsvc.exe
C:/WINDOWS/Downloaded Program Files/v3.dll
C:\windows\system32\kalvzwj32.exe
C:\WINDOWS\hhnt.exe

<Boot into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete temporary files --> delete the files in the folders, not the folders themselves
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete index.dat)

Click: awn2k3e.exe (eScan)

Go back to normal mode

#ClearProg .. download the latest version
<1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, Netscape/Mozilla and Opera:
- cookies
- history
- temporary Internet files (cache)
- the typed URLs

Adware.Istbar Removal Tool
The tool can be found here: securityresponse.symantec.com/avcenter/FxIstbar.exe
http://www.chip.de/forum/thread.html?bwthreadid=762276

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
download --> scan --> restart the PC --> scan again --> post the log

#Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report --> please copy and post it

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

#New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

+ the new HijackThis log
__________
Regards,
Sabina
all about PC security
This post was edited by Sabina on 23.01.2005 at 22:56.
Logfile of HijackThis v1.99.0
Scan saved at 20:00:10, on 21.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ZoneAlarm\zlclient.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
C:\Programme\Anti-Vir\AVWUPSRV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\SLEE503.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\hhnt.exe
C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\Programme\Diablo LOD\Game.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andi\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = F***' Rock Out
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [soundmanager] soundman.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O4 - Global Startup: Labtec Maus Software 2.0.lnk = C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342E316-501D-44C9-9BCE-6D9C40D93C63}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] - Unknown - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
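
The triage that the reply in this thread does by hand can be scripted for a first pass over a HijackThis log. The following is an added example, not part of the original thread or of HijackThis itself: it flags O1 hosts-file entries that point several unrelated sites at one non-loopback address, and O4 Run entries that merit a manual look. The function names, the threshold of three domains and the three Run heuristics are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 search.msn.com
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"(HK\w+)\\\.\.\\Run: \[(.*)\] (.+)$")


def entries(log):
    """Yield (section_code, body) for every HijackThis result line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def hosts_redirects(log, min_domains=3):
    """Return {ip: [base domains]} for non-loopback IPs that at least
    min_domains unrelated sites are mapped to in the hosts file."""
    by_ip = defaultdict(set)
    for code, body in entries(log):
        m = re.match(r"Hosts: (\S+)\s+(\S+)", body)
        if code == "O1" and m and not m.group(1).startswith("127."):
            # Assumption: the last two labels approximate the registrable domain.
            by_ip[m.group(1)].add(".".join(m.group(2).lower().split(".")[-2:]))
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}


def run_findings(log):
    """Return [(value_name, command, reasons)] for autoruns to review by hand."""
    parsed = []
    for code, body in entries(log):
        m = RUN.match(body)
        if code == "O4" and m:
            parsed.append((m.group(2), m.group(3)))
    names_per_cmd = defaultdict(set)
    for name, cmd in parsed:
        names_per_cmd[cmd.lower()].add(name)
    findings = []
    for name, cmd in parsed:
        reasons = []
        if not name.isascii() or not name.isprintable():
            reasons.append("non-ASCII value name")
        if len(names_per_cmd[cmd.lower()]) > 1:
            reasons.append("same binary under several names")
        if re.search(r"\\(Anwendungsdaten|Application Data)\\[^\\]+\.exe$", cmd, re.I):
            reasons.append("executable in user profile data folder")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


if __name__ == "__main__":
    print(hosts_redirects(SAMPLE_LOG))
    for name, cmd, reasons in run_findings(SAMPLE_LOG):
        print(repr(name), cmd, reasons)
```

A finding here is only a prompt for review: legitimate software can trip these heuristics, and entries that trip none of them still need a human read.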