About:blank unter Windows XP |
||
---|---|---|
#0
| ||
26.04.2004, 16:25
Member
Beiträge: 12 |
||
|
||
26.04.2004, 16:51
Moderator
Beiträge: 7805 |
#2
Fix bitte das:
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\msxslab.dll O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe Starte dann neu, und schicke diese Datei: C:\Program Files\Q330994.exe bitte an virus@protecus.de und loesche sie dann. __________ MfG Ralf SEO-Spam Hunter |
|
|
||
26.04.2004, 17:14
Member
Themenstarter Beiträge: 12 |
#3
Hat prima geklappt! Danke vielmals!
|
|
|
||
09.05.2004, 22:32
...neu hier
Beiträge: 1 |
#4
Hallo kann mir jemand helfen ? habe immer im internet explorer den eintrag abaut: blank
danke RollykLogfile of HijackThis v1.97.7 Scan saved at 21:39:35, on 10.05.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\Programme\Norton Internet Security\NISUM.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\FRITZ!DSL\Awatch.exe C:\Programme\Trojancheck 6\tcguard.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\AOL 8.0\aoltray.exe C:\Programme\Norton Internet Security\ccPxySvc.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton Utilities\NPROTECT.EXE C:\Programme\Speed Disk\nopdb.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Programme\Microsoft Office\Office10\WINWORD.EXE D:\XP Windows Vierne Hilfe\hijackthis1977\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.com/b1redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\koljnc.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {8C2905E7-93CE-444D-A66E-1AC935AF1ABF} - C:\WINDOWS\System32\koljnc.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] D:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.com/b1redirect O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.4506597222 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D22E765-84D0-49F8-9550-0A710E463473}: NameServer = 217.237.151.225 194.25.2.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BC10F2-4297-430B-8E18-4944B73E0743}: NameServer = 192.168.122.252,192.168.122.253 Dieser Beitrag wurde am 10.05.2004 um 21:50 Uhr von Rollyk editiert.
|
|
|
||
09.05.2004, 23:35
...neu hier
Beiträge: 2 |
#5
HI...
hab auch dieses about:blank problem Hier meine HijackThis Log: Logfile of HijackThis v1.97.7 Scan saved at 23:33:07, on 09.05.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\gearsec.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\PROGRA~1\0190WA~1\WARN0190.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\WINDOWS\svchost.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\ICQPlus\vplus.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\ICQ\Icq.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Shimmy\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ...:::Shimmy:::... R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///E:/HOMEPAGE/_privat/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C4BD5E41-9535-4E57-986F-03FD53D1EA5C} - C:\WINDOWS\System32\bmj.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WhenUSearch] C:\Programme\WhenUSearch\Search.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe" O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\Icq.exe -trayboot O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: ICQ 4.0 (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/065cf0dc874bc7684e05/netzip/RdxIE601_de.cab O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/photo_activex/PhotoUploader.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{209763DE-2B04-4085-8911-76179BB7733D}: NameServer = 217.237.151.225 194.25.2.129 Bitte um Hilfe. Danke! Dieser Beitrag wurde am 09.05.2004 um 23:38 Uhr von Shimmy editiert.
|
|
|
||
10.05.2004, 13:32
Ehrenmitglied
Beiträge: 29434 |
#6
Shimmi
Lade bitte : ----------------------------------------------------------------------------- http://lavasoft.element5.com/german/support/download/ http://beam.to/spybotsd http://www.spywareremove.com/ Den CWSHREDDER findest du hier: http://www.spywareinfo.com/~merijn/junk/CWShredder.exe einfach starten und immer next druecken. Lade ClearProg http://www.clearprog.de/ -------------------------------------------------------------------------------- Fixe mit dem HijackThis. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bmj.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///E:/HOMEPAGE/_privat/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file) O2 - BHO: (no name) - {C4BD5E41-9535-4E57-986F-03FD53D1EA5C} - C:\WINDOWS\System32\bmj.dll O4 - HKLM\..\Run: [WhenUSearch] C:\Programme\WhenUSearch\Search.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab neustarten -------------------------------------------------------------------------- Mit Antispy-tools scannen. WhenUSearch\Search.exe und alle Eintraege mit<The Safe< in Windows und in der Registry manuell loeschen The Save! software bundle from WhenU.com includes both Save! and the WhenUSearch Toolbar Start<Ausfuehren<regedit O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe WhenUSearch\Search.exe ------------------------------------------------------------------------- http://www.mwti.net/antivirus/free_utilities.asp Alles , was die mwav.exe noch findet, manuell loeschen. mache einen scann mit PestPatrol(Online)und TrendMicro http://www.pestscan.com/Scan.asp http://housecall.trendmicro.com/ den IE saeubern, mit ClearProg die Startseite unter InternetOptionen neu einstellen. Das Log noch einmal posten, wenn es nicht geklappt hat. MfG Sabina __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 10.05.2004 um 13:50 Uhr von Sabina editiert.
|
|
|
||
10.05.2004, 14:21
...neu hier
Beiträge: 2 |
||
|
||
Wer kann mir helfen?
Ich hab jetzt mit HijackThis einen Scan durchgeführt und das ist das Logfile:
Logfile of HijackThis v1.97.7
Scan saved at 15:49:28, on 26.04.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\MSDE\binn\sqlservr.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Winamp\Winampa.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Programme\hardcopy\hardcopy.exe
C:\Programme\Microsoft Office\Office\1031\msoffice.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programme\Microsoft Office\Office\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
T:\Uwe\AntiVir und Co\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.yahoo.de"); (C:\Programme\Netscape\Communicator\Users\freenet_30\prefs.js)
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\msxslab.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33 "EPSON Stylus C84 Series (Kopie 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Hardcopy.LNK = C:\Programme\hardcopy\hardcopy.exe
O4 - Startup: Microsoft Office Shortcut-Leiste.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de/
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab