- #1
M
Mummy
Guest
Hallo,
kann mir jemand bei dem Problem mit der Startseite des Internet Explorers helfen?
Immer wenn ich den Explorer öffne kommt eine komische Startseite.
Ich habe mir jetzt das HijackThis runtergeladen und einmal gescanned.
Hier ist die Scan Liste.
Kann mir jemand sagen was ich jetzt löschen soll und was nicht?
Für eure Hilfe wäre ich euch sehr dankbar!! ;D
Logfile of HijackThis v1.97.7
Scan saved at 16:42:51, on 11.03.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\VIRUSS~1\avgserv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Microsoft IntelliPoint\point32.exe
D:\Winamp3\winampa.exe
D:\VIRUSS~1\avgcc32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\Dokumente und Einstellungen\Mad Mummy\Eigene Dateien\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%[email protected]/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@*ww.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.nero.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@*ww.efinder.cc/search/ (obfuscated)
O1 - Hosts: 198.65.164.171 ehttp.cc
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 *ww.00hq.com
O1 - Hosts: 198.65.164.168 winshow.biz
O1 - Hosts: 198.65.164.168 *ww.winshow.biz
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 *ww.8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 *ww.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 *ww.008k.com
O1 - Hosts: 198.65.164.170 *ww.search-aid.com
O1 - Hosts: 198.65.164.170 *ww.search2004.net
O1 - Hosts: 198.65.164.170 alfaporn.com
O1 - Hosts: 198.65.164.170 toteen.com
O1 - Hosts: 198.65.164.170 uuporn.com
O1 - Hosts: 198.65.164.170 cz3.clickzs.com
O1 - Hosts: 198.65.164.170 cz4.clickzs.com
O1 - Hosts: 198.65.164.170 cz8.clickzs.com
O1 - Hosts: 198.65.164.170 cz6.clickzs.com
O1 - Hosts: 198.65.164.170 cz7.clickzs.com
O1 - Hosts: 198.65.164.170 cz9.clickzs.com
O1 - Hosts: 198.65.164.170 cz5.clickzs.com
O1 - Hosts: 198.65.164.170 xnxxx.com
O1 - Hosts: 198.65.164.170 *ww.xnxxx.com
O1 - Hosts: 198.65.164.170 hot-gallery.com
O1 - Hosts: 198.65.164.170 *ww.hot-gallery.com
O1 - Hosts: 198.65.164.170 big-penis.day4sex.com
O1 - Hosts: 198.65.164.170 penis-enlargement.day4sex.com
O1 - Hosts: 198.65.164.170 *ww.day4sex.com
O1 - Hosts: 198.65.164.170 day4sex.com
O1 - Hosts: 198.65.164.170 *ww.superpornlist.com
O1 - Hosts: 198.65.164.170 superpornlist.com
O1 - Hosts: 198.65.164.170 *ww.medical-penis-enlargement.com
O1 - Hosts: 198.65.164.170 *ww.penisimprovement.com
O1 - Hosts: 198.65.164.170 *ww.penisenlargementmagazine.com
O1 - Hosts: 198.65.164.170 *ww.americas-drugstore.com
O1 - Hosts: 198.65.164.170 *ww.power-enlarge.com
O1 - Hosts: 198.65.164.170 *ww.newsexgate.com
O1 - Hosts: 198.65.164.170 newsexgate.com
O1 - Hosts: 198.65.164.170 *ww.theadultgate.com
O1 - Hosts: 198.65.164.170 theadultgate.com
O1 - Hosts: 198.65.164.170 *ww.overmix.com
O1 - Hosts: 198.65.164.170 overmix.com
O1 - Hosts: 198.65.164.170 *ww.hornygate.com
O1 - Hosts: 198.65.164.170 hornygate.com
O1 - Hosts: 198.65.164.170 *ww.sexxx-start.com
O1 - Hosts: 198.65.164.170 sexxx-start.com
O1 - Hosts: 198.65.164.170 *ww.logtoporn.com
O1 - Hosts: 198.65.164.170 logtoporn.com
O1 - Hosts: 198.65.164.170 *ww.3xpower.com
O1 - Hosts: 198.65.164.170 3xpower.com
O1 - Hosts: 198.65.164.170 *ww.hardcorevibe.com
O1 - Hosts: 198.65.164.170 hardcorevibe.com
O1 - Hosts: 198.65.164.170 *ww.uuporn.com
O1 - Hosts: 198.65.164.170 adp.ikena.com
O1 - Hosts: 198.65.164.170 orbitexplorer.com
O1 - Hosts: 198.65.164.170 *ww.orbitexplorer.com
O1 - Hosts: 198.65.164.170 sqwire.com
O1 - Hosts: 198.65.164.170 *ww.sqwire.com
O1 - Hosts: 198.65.164.170 browserwise.com
O1 - Hosts: 198.65.164.170 *ww.browserwise.com
O1 - Hosts: 198.65.164.170 xjupiter.com
O1 - Hosts: 198.65.164.170 *ww.xjupiter.com
O1 - Hosts: 198.65.164.170 *ww.f1organizer.com
O1 - Hosts: 198.65.164.170 *ww.r-vision.org
O1 - Hosts: 198.65.164.170 *ww3.abcsearch.com
O1 - Hosts: 198.65.164.170 iads.adroar.com
O1 - Hosts: 198.65.164.170 lists.adroar.com
O1 - Hosts: 198.65.164.170 bar.baidu.com
O1 - Hosts: 198.65.164.170 *ww.browsertoolbar.com
O1 - Hosts: 198.65.164.170 *ww.bulla.com
O1 - Hosts: 198.65.164.170 cantfind.com
O1 - Hosts: 198.65.164.170 *ww.cantfind.com
O1 - Hosts: 198.65.164.170 c.clickaire.com
O1 - Hosts: 198.65.164.170 default-homepage-network.com
O1 - Hosts: 198.65.164.170 *ww.default-homepage-network.com
O1 - Hosts: 198.65.164.170 *ww.ebates.com
O1 - Hosts: 198.65.164.170 errorpage404.com
O1 - Hosts: 198.65.164.170 *ww.errorpage404.com
O1 - Hosts: 198.65.164.170 *ww.escorcher.com
O1 - Hosts: 198.65.164.170 *ww.ezcybersearch.com
O1 - Hosts: 198.65.164.170 featured-results.com
O1 - Hosts: 198.65.164.170 *ww.find-now.info
O1 - Hosts: 198.65.164.170 *ww1.baidu.com
O1 - Hosts: 198.65.164.170 *ww.firstpop.com
O1 - Hosts: 198.65.164.170 coreg.flashtrack.net
O1 - Hosts: 198.65.164.170 *ww.flashtrack.net
O1 - Hosts: 198.65.164.170 *ww.freehistorycleaner.com
O1 - Hosts: 198.65.164.170 getupdate.com
O1 - Hosts: 198.65.164.170 *ww.getupdate.com
O1 - Hosts: 198.65.164.170 auto.search.msn.com
O1 - Hosts: 198.65.164.170 server224.smartbotpro.net
O1 - Hosts: 198.65.164.170 ie.marketdart.com
O1 - Hosts: 198.65.164.170 *ww.idgsearch.com
O1 - Hosts: 198.65.164.170 *ww.alfa-search.com
O1 - Hosts: 198.65.164.170 webcoolsearch.com
O1 - Hosts: 198.65.164.170 i-lookup.com
O1 - Hosts: 198.65.164.170 *ww.hand-book.com
O1 - Hosts: 198.65.164.170 allneedsearch.com
O1 - Hosts: 198.65.164.170 *ww.rightfinder.net
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp3\\winampa.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [AVG_CC] D:\VIRUSS~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra->Tools' menuitem: Sun Java Konsole (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F236DD-D396-49BA-9AA5-F587114294E8}: NameServer = 212.185.252.201 194.25.2.129
O19 - User stylesheet: C:\WINDOWS\my.css
O19 - User stylesheet: C:\WINDOWS\my.css (HKLM)
kann mir jemand bei dem Problem mit der Startseite des Internet Explorers helfen?
Immer wenn ich den Explorer öffne kommt eine komische Startseite.
Ich habe mir jetzt das HijackThis runtergeladen und einmal gescanned.
Hier ist die Scan Liste.
Kann mir jemand sagen was ich jetzt löschen soll und was nicht?
Für eure Hilfe wäre ich euch sehr dankbar!! ;D
Logfile of HijackThis v1.97.7
Scan saved at 16:42:51, on 11.03.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\VIRUSS~1\avgserv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Microsoft IntelliPoint\point32.exe
D:\Winamp3\winampa.exe
D:\VIRUSS~1\avgcc32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\Dokumente und Einstellungen\Mad Mummy\Eigene Dateien\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%[email protected]/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%[email protected]/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://yyvvhm.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@*ww.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = h**p://yyvvhm.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.nero.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@*ww.efinder.cc/search/ (obfuscated)
O1 - Hosts: 198.65.164.171 ehttp.cc
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 *ww.00hq.com
O1 - Hosts: 198.65.164.168 winshow.biz
O1 - Hosts: 198.65.164.168 *ww.winshow.biz
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 *ww.8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 *ww.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 *ww.008k.com
O1 - Hosts: 198.65.164.170 *ww.search-aid.com
O1 - Hosts: 198.65.164.170 *ww.search2004.net
O1 - Hosts: 198.65.164.170 alfaporn.com
O1 - Hosts: 198.65.164.170 toteen.com
O1 - Hosts: 198.65.164.170 uuporn.com
O1 - Hosts: 198.65.164.170 cz3.clickzs.com
O1 - Hosts: 198.65.164.170 cz4.clickzs.com
O1 - Hosts: 198.65.164.170 cz8.clickzs.com
O1 - Hosts: 198.65.164.170 cz6.clickzs.com
O1 - Hosts: 198.65.164.170 cz7.clickzs.com
O1 - Hosts: 198.65.164.170 cz9.clickzs.com
O1 - Hosts: 198.65.164.170 cz5.clickzs.com
O1 - Hosts: 198.65.164.170 xnxxx.com
O1 - Hosts: 198.65.164.170 *ww.xnxxx.com
O1 - Hosts: 198.65.164.170 hot-gallery.com
O1 - Hosts: 198.65.164.170 *ww.hot-gallery.com
O1 - Hosts: 198.65.164.170 big-penis.day4sex.com
O1 - Hosts: 198.65.164.170 penis-enlargement.day4sex.com
O1 - Hosts: 198.65.164.170 *ww.day4sex.com
O1 - Hosts: 198.65.164.170 day4sex.com
O1 - Hosts: 198.65.164.170 *ww.superpornlist.com
O1 - Hosts: 198.65.164.170 superpornlist.com
O1 - Hosts: 198.65.164.170 *ww.medical-penis-enlargement.com
O1 - Hosts: 198.65.164.170 *ww.penisimprovement.com
O1 - Hosts: 198.65.164.170 *ww.penisenlargementmagazine.com
O1 - Hosts: 198.65.164.170 *ww.americas-drugstore.com
O1 - Hosts: 198.65.164.170 *ww.power-enlarge.com
O1 - Hosts: 198.65.164.170 *ww.newsexgate.com
O1 - Hosts: 198.65.164.170 newsexgate.com
O1 - Hosts: 198.65.164.170 *ww.theadultgate.com
O1 - Hosts: 198.65.164.170 theadultgate.com
O1 - Hosts: 198.65.164.170 *ww.overmix.com
O1 - Hosts: 198.65.164.170 overmix.com
O1 - Hosts: 198.65.164.170 *ww.hornygate.com
O1 - Hosts: 198.65.164.170 hornygate.com
O1 - Hosts: 198.65.164.170 *ww.sexxx-start.com
O1 - Hosts: 198.65.164.170 sexxx-start.com
O1 - Hosts: 198.65.164.170 *ww.logtoporn.com
O1 - Hosts: 198.65.164.170 logtoporn.com
O1 - Hosts: 198.65.164.170 *ww.3xpower.com
O1 - Hosts: 198.65.164.170 3xpower.com
O1 - Hosts: 198.65.164.170 *ww.hardcorevibe.com
O1 - Hosts: 198.65.164.170 hardcorevibe.com
O1 - Hosts: 198.65.164.170 *ww.uuporn.com
O1 - Hosts: 198.65.164.170 adp.ikena.com
O1 - Hosts: 198.65.164.170 orbitexplorer.com
O1 - Hosts: 198.65.164.170 *ww.orbitexplorer.com
O1 - Hosts: 198.65.164.170 sqwire.com
O1 - Hosts: 198.65.164.170 *ww.sqwire.com
O1 - Hosts: 198.65.164.170 browserwise.com
O1 - Hosts: 198.65.164.170 *ww.browserwise.com
O1 - Hosts: 198.65.164.170 xjupiter.com
O1 - Hosts: 198.65.164.170 *ww.xjupiter.com
O1 - Hosts: 198.65.164.170 *ww.f1organizer.com
O1 - Hosts: 198.65.164.170 *ww.r-vision.org
O1 - Hosts: 198.65.164.170 *ww3.abcsearch.com
O1 - Hosts: 198.65.164.170 iads.adroar.com
O1 - Hosts: 198.65.164.170 lists.adroar.com
O1 - Hosts: 198.65.164.170 bar.baidu.com
O1 - Hosts: 198.65.164.170 *ww.browsertoolbar.com
O1 - Hosts: 198.65.164.170 *ww.bulla.com
O1 - Hosts: 198.65.164.170 cantfind.com
O1 - Hosts: 198.65.164.170 *ww.cantfind.com
O1 - Hosts: 198.65.164.170 c.clickaire.com
O1 - Hosts: 198.65.164.170 default-homepage-network.com
O1 - Hosts: 198.65.164.170 *ww.default-homepage-network.com
O1 - Hosts: 198.65.164.170 *ww.ebates.com
O1 - Hosts: 198.65.164.170 errorpage404.com
O1 - Hosts: 198.65.164.170 *ww.errorpage404.com
O1 - Hosts: 198.65.164.170 *ww.escorcher.com
O1 - Hosts: 198.65.164.170 *ww.ezcybersearch.com
O1 - Hosts: 198.65.164.170 featured-results.com
O1 - Hosts: 198.65.164.170 *ww.find-now.info
O1 - Hosts: 198.65.164.170 *ww1.baidu.com
O1 - Hosts: 198.65.164.170 *ww.firstpop.com
O1 - Hosts: 198.65.164.170 coreg.flashtrack.net
O1 - Hosts: 198.65.164.170 *ww.flashtrack.net
O1 - Hosts: 198.65.164.170 *ww.freehistorycleaner.com
O1 - Hosts: 198.65.164.170 getupdate.com
O1 - Hosts: 198.65.164.170 *ww.getupdate.com
O1 - Hosts: 198.65.164.170 auto.search.msn.com
O1 - Hosts: 198.65.164.170 server224.smartbotpro.net
O1 - Hosts: 198.65.164.170 ie.marketdart.com
O1 - Hosts: 198.65.164.170 *ww.idgsearch.com
O1 - Hosts: 198.65.164.170 *ww.alfa-search.com
O1 - Hosts: 198.65.164.170 webcoolsearch.com
O1 - Hosts: 198.65.164.170 i-lookup.com
O1 - Hosts: 198.65.164.170 *ww.hand-book.com
O1 - Hosts: 198.65.164.170 allneedsearch.com
O1 - Hosts: 198.65.164.170 *ww.rightfinder.net
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp3\\winampa.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [AVG_CC] D:\VIRUSS~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra->Tools' menuitem: Sun Java Konsole (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F236DD-D396-49BA-9AA5-F587114294E8}: NameServer = 212.185.252.201 194.25.2.129
O19 - User stylesheet: C:\WINDOWS\my.css
O19 - User stylesheet: C:\WINDOWS\my.css (HKLM)