Habe eben noch ein bischen hier im Forum nach ähnlichem gesucht und den Tip zu HijackThis gefunden.
Hier der Log.
Logfile of HijackThis v1.97.7
Scan saved at 12:19:15, on 04.05.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
D:\NORMAN\nvc\bin\zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
D:\NORMAN\Nvc\BIN\nvcoas.exe
D:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\WINNT\Explorer.EXE
D:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AdsGone\adsgone.exe
D:\NORMAN\Nvc\BIN\cclaw.exe
D:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\Norman\Norman Personal Firewall\NPFMessenger.exe
C:\Programme\PrintKey2000\Printkey2000.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\HideOE\HideOE.exe
C:\WINNT\explorer.exe
C:\Dokumente und Einstellungen\jk\Desktop\HijackThis.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.40:3128;https=192.168.1.40:3128;ftp=192.168.1.40:3128;socks=192.168.1.40:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Norman ZANDA] D:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [MemPro] C:\Program Files\MemCheck Pro\MemPro.exe
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: Verknüpfung mit Setup_Sicherung.bat.lnk = Kraft\Setup_Sicherung.bat
O4 - Global Startup: AdsGone 2003.lnk = C:\Programme\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Programme\AdsGone\adsgone.exe
O4 - Global Startup: Norman Personal Firewall Konsole.lnk = C:\Norman\Norman Personal Firewall\NPFMessenger.exe
O4 - Global Startup: Outlook Express with OE-QuoteFix.lnk = C:\Programme\OE-QuoteFix\OELaunch.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verknüpfung mit HideOE.exe.lnk = C:\Programme\HideOE\HideOE.exe
O10 - Broken Internet access because of LSP provider->normanpf.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.2326041667
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.40:3128;https=192.168.1.40:3128;ftp=192.168.1.40:3128;socks=192.168.1.40:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Norman ZANDA] D:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [MemPro] C:\Program Files\MemCheck Pro\MemPro.exe
O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: Verknüpfung mit Setup_Sicherung.bat.lnk = Kraft\Setup_Sicherung.bat
O4 - Global Startup: AdsGone 2003.lnk = C:\Programme\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Programme\AdsGone\adsgone.exe
O4 - Global Startup: Norman Personal Firewall Konsole.lnk = C:\Norman\Norman Personal Firewall\NPFMessenger.exe
O4 - Global Startup: Outlook Express with OE-QuoteFix.lnk = C:\Programme\OE-QuoteFix\OELaunch.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verknüpfung mit HideOE.exe.lnk = C:\Programme\HideOE\HideOE.exe
O10 - Broken Internet access because of LSP provider->normanpf.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.2326041667