about:blank?

BlackWolf

okay, vielen dank für die links etc...
hab die angegebenen dateien gelöscht, ist aber immer noch da... hier noch mal der log...
Logfile of HijackThis v1.97.7
Scan saved at 15:53:45, on 07.04.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Classic PhoneTools\CapFax.EXE
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
C:\Programme\Kazaa\kazaa.exe
C:\Programme\DelFin\PromulGate\PgMonitr.exe
C:\Programme\Browser mouse\1.3\mouse32a.exe
C:\Programme\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\DitExp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\WebDrive\webdrive.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Orbit\update.exe
C:\Programme\Orbit\view.exe
C:\WINDOWS\System32\SWMonitor.exe
C:\Programme\WebDrive\wdservice.exe
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\System32\cidaemon.exe
C:\hijackthis1977\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe

</font><blockquote>Code:</font><hr /><pre style="font-size:x-small; font-family: monospace;"> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\dcohcca.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.companion.yahoo.com/slv/ycheck/as/*hxxp://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Programme\Gemeinsame Dateien\OE\search.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Programme\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\ycomp5_0_2_7.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Programme\Gemeinsame Dateien\OE\toolbar.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Programme\MediaLoads Enhanced\ME2.DLL
O2 - BHO: (no name) - {A6599ADD-0F39-44BD-A756-1F6021DD9062} - C:\WINDOWS\System32\dcohcca.dll
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Programme\Gemeinsame Dateien\OE\redirector.dll
O3 - Toolbar: &amp;Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &amp;Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\ycomp5_0_2_7.dll
O3 - Toolbar: &amp;Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Programme\Gemeinsame Dateien\OE\toolbar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] &quot;C:\Programme\Lexmark X74-X75\lxbbbmgr.exe&quot;
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [PromulGate] &quot;C:\Programme\DelFin\PromulGate\PgMonitr.exe&quot;
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programme\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Medion keyboard utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [Search-Exe] &quot;C:\Programme\se\v2\se.EXE&quot; /U
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Programme\WebDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [TkBellExe] &quot;C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe&quot; -osboot
O4 - HKLM\..\Run: [msbb] C:\Programme\n-CASE\msbb.exe
O4 - HKCU\..\Run: [SWUpdateMonitor] C:\WINDOWS\System32\SWMonitor.exe
O4 - HKCU\..\Run: [ICQ Plus] &quot;C:\Programme\ICQPlus\vplus.exe&quot;
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &amp;Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: MedionShop (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpga: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.medion.de
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - hxxp://software-dl.real.com/222bd7c2536d411e1c15/netzip/RdxIE601_de.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} - hxxp://secure.goodthinxx.com/(tsffwrzshji3wc45t3jyiznj)/secureweb/securewebgt.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - hxxp://kit.carpediem.fr/20429/Italie/ParisVoyeur.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38084.2094097222
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - hxxp://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - hxxp://www.orbitexplorer.com/OELoader.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - hxxp://webpdp.gator.com/4/download/hdplugin_1015_bundle43v2d12.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - hxxp://install.stardialer.de/StarInstall.ocx
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - hxxp://www.whenusearch.com/WUInstSEWC.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&amp;Yahoo! Companion) - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6DAC41-2198-4C12-A59E-EB7230E4A73E}: NameServer = 192.168.1.1
</pre>[/QUOTE]oh gott dieses orbit zeug ist ja schon wieder da...

[ 07. April 2004, 16:20: Beitrag editiert von: BlackWolf ]