So, musste den Rechner wechseln, das Notebook qualmt...
Also Hijackthis, scan, dann save log.
Nun habe ich die backups in einem ordner. Das sieht in dem funktionierenden, lol noch nichts gelöscht !dann so aus:
Logfile of HijackThis v1.97.7
Scan saved at 11:22:19, on 29.01.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\Explorer.EXE
C:\Programme\Winamp\Winampa.exe
C:\WINNT\loadqm.exe
C:\WINNT\SYSTEM32\svrmsg.exe
C:\WINNT\SYSTEM32\kp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINNT\System32\mstask0.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Paragon\Last Minute Gebot\plmg.exe
C:\winnt\winlogon.exe
C:\Programme\D\D-Info\dinfostarter.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINNT\System32\MOStat.exe
C:\WINNT\SYSTEM32\gheh.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\Download\Hijacker\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant =
http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch =
http://www.sharempeg.com/find/
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,C:\WINNT\System32\svcpack.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINNT\NavExt.dll
O2 - BHO: (no name) - {017B27E7-9CBC-4F0D-AFF2-8411EC4672D9} - C:\WINNT\system32\oedkkba.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINNT\System32\DReplace.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mspjnc.dll
O2 - BHO: (no name) - {EE00C9A4-9279-4FFE-B191-625C9A9958C3} - C:\WINNT\system32\moz030715s.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: D-Info - {CB736FF0-1D72-11D6-BF3C-005056303009} - C:\Programme\D\D-Info\dinfoband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\SYSTEM32\svrmsg.exe
O4 - HKLM\..\Run: [helpmanager] spoler.exe
O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmsgri32.exe
O4 - HKLM\..\Run: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\Run: [Mspatch69] C:\WINNT\SYSTEM32\kp.exe
O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\Run: [MS_NETD_WIN32] netd32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Windows] mstask0.exe
O4 - HKLM\..\Run: [Windows Data] C:\WINNT\SYSTEM32\gheh.exe
O4 - HKLM\..\RunServices: [helpmanager] spoler.exe
O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\RunServices: [MS_NETD_WIN32] netd32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] mstask0.exe
O4 - HKCU\..\Run: [explore] c:\winnt\explore.exe
O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINNT\loader.exe
O4 - HKCU\..\Run: [plmg.exe] C:\Programme\Paragon\Last Minute Gebot\plmg.exe
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\winnt\qttasks.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: D-Info Starter.lnk = C:\Programme\D\D-Info\dinfostarter.exe
O9 - Extra button: D-Info (HKLM)
O9 - Extra->Tools' menuitem: D-Info (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra->Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra->Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Add bid (HKCU)
O9 - Extra->Tools' menuitem: Add bid (HKCU)
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
http://www.napster.com/client/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp
O19 - User stylesheet: C:\WINNT\hh.htt (HKLM)