Startpage Problem... [HijackThis Log]

Hello,

i have a problem with this startpage set making me crazy.
There is this site with the title

"Search for..."

but the in the adressbar i can only see

"about:blank"

I was using Spybot, CWShredder and HijackThis to get rid of the problem, and it works as long as my pc is on, but everytime i reboot the site comes back again. Could someone please help me.

Thanks.


HijackThis Log:

Logfile of HijackThis v1.97.7
Scan saved at 12:42:36, on 01.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\MyStuff\Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D167D13-B964-467A-8DE6-CE517B063D66} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - (no file)
O2 - BHO: (no name) - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C3C24A-32C1-4B48-A3C5-70664D5759B4} - C:\WINDOWS\System32\gnob.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.5721875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

 

Hi Geist,

Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Daniel\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {2D167D13-B964-467A-8DE6-CE517B063D66} - (no file)

O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - (no file)
O2 - BHO: (no name) - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - (no file)

O2 - BHO: (no name) - {E2C3C24A-32C1-4B48-A3C5-70664D5759B4} - C:\WINDOWS\System32\gnob.dll

O16 - DPF: {11111111-1111-1111-1111-111111111157} -

Then start APM.
In the upper window select explorer.exe
In the lower window find and rightclick the BHO from the HijackThis log
( C:\WINDOWS\System32\gnob.dll )
Select Unload DLL and click OK on the prompts that follow.

Reboot and scan with AdAware to remove the txt and html protocol association as described here:
https://www.wilderssecurity.com/showthread.php?t=15913

Copy the contents of the bold text to Notepad.
Name the file Appinit.bat
Save as type *All Files*
Save on the Desktop.

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Post the content please.

Regards,

Pieter

 

Hello Pieter,

at first i want to say thank you for your help.
Unluckily i have some small problems...

Unluckily this file is not listed in APM, though its listed in HijackThis.

Im not really sure what you mean with this one?


Geist

 

Anyone read this one... ??

 

Finally i found it out...

Well here is the windows.txt after doin all the steps above

windows.txt:


regf




uŸ tK‹^Sè…Ó ‹øY…ÿt*ƒÆ‰=P€Ÿ ‰5@€Ÿ è› f…Àt WèhÏ Yë‹E‰]ü‰8ÿ5*uŸ èRÏ ‹EüYë3À_^[ÉÃf¡L€Ÿ f…Àt-·ÀPÿ5*uŸ ÿ5P€Ÿ èÒ ·L€Ÿ
P€Ÿ ƒÄfƒ%L€Ÿ ÃU‹ìì SVWjY3À}˜‹uó«f«‹}‹Î‹×·
fÿDE˜ADE˜Âÿÿ Af…Òuçf9}˜u‹Eƒ ‹E f!f3Àé° ‹M ÇE
·
‰Eü·U fƒ|U˜ u
ÿE fƒ} vê·] f;E ‰]øs‰]üjZ·Âfƒ|E˜ uÂÿÿ f…Òuêf9Uü·Â‰EÜv‰Eüf‹}üj
f‰9_‹ËÓçf9U s·M ·LM˜+ùxÿE Ñçëæf‹LE˜DE˜·Ù+û‰}Ày f¸ é ÏÂÿpÝÃÈ hbin  Ÿ ·F$Ñèx
‹ÇƒÀ$üéP¨ÿÿÿnk, ì–fÆŠYÄ
ÿÿÿÿ ÿÿÿÿÿÿÿÿ ø x ÿÿÿÿ 0 >  Windows ÿÿÿsk½x x
Ô
„¸ È   ¤    
  !  €
  !  ? 
    
    ? 

  

  


  

 ëyÿuØÿÿÿvk >


fùAppInit_DLLsÖæG¸ÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ w i n c i o . d l l E ~ 1  h
Ðÿÿÿvk  

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  _£ûóðÿÿÿ9 0  è( Ðÿÿÿvk  €' 
zGDIProcessHandleQuota"þàÿÿÿvk  €

°ºSpooler2ðÿÿÿy e s ð  h
à
0 ` ¨ àÿÿÿvk  €

=pswapdiskÐÿÿÿvk  

R¿TransmissionRetryTimeoutàÿÿÿh
à
0 ` ¨ È  Ðÿÿÿvk  €' 
USERProcessHandleQuota ¸ {Ÿ À„RñÿÿéFñÿÿ¶7Ÿ )ðƒÀ#Çèæ TXÿ5 {Ÿ ÿ%Ù7Ÿ ÿÄ}Ÿ =· ”À8ÔuŸ ¢{Ÿ „Mòÿÿéñ
‰¼ýÿÿ‰
‰HÿvX‰…¸ýÿÿÿvYéúçÿÿƒÄˆÈýÿÿ‰]ø*°uŸ jAˆ…ÌýÿÿY)À½Íýÿÿó«ÿ%ã6Ÿ ‹Eì‰0é«èÿÿPÿì}Ÿ ¡ÈuŸ …À„Ðóÿÿéõðÿÿ8F„âëÿÿéfýÿÿ³
è ŠÃ^[ÃWèUñÿÿP…ÔýÿÿP蛥 ƒÄÿ%³5Ÿ èïøÿÿP…ÔþÿÿPèW¡ Y…ÀY…k ÿ%
5Ÿ ÿÄ}Ÿ =· SSSh  ÿ5{Ÿ •Eóÿ´~Ÿ ÿ%ò3Ÿ èÖæÿÿÿuÔŠUÐÿuØYè× j
ÿuàjSÿ%w7Ÿ ÿ5W7Ÿ …<ÿÿÿPè³Ö ÿ54Ÿ …Hÿÿÿé» ·F,Ñèx
WXé$îÿÿ}ü
…Ìøÿÿé¹øÿÿj
XÃUT]jÿh48Ÿ ÿ5¥7Ÿ d¡ Pd‰% éÛ ÿ57Ÿ VVÿ5u3Ÿ VVÿð}Ÿ ;Æ£ÈuŸ „‚ôÿÿéàýÿÿSÿ5á7Ÿ YèqŒ Pè§ YéðÿÿÿuìX9]ü‰„3çÿÿÿ%É3Ÿ ‹6éà U‰åì$
SVQ^Wÿ%å7Ÿ ¡3Ÿ ö3Ÿ +ƃÀ#ÇèKä émëÿÿ9pÿÿÿ„ é8 j
ÿ¸~Ÿ Pÿ°}Ÿ ÆÐuŸ
°
¥ ýÿÿ_^[ÿ%€6Ÿ ‰ {Ÿ …œþÿÿPVÿ¤~Ÿ ;ÄPúÿÿé7èÿÿˆ`ÿÿÿ)ö‰µdÿÿÿ;µpÿÿÿƒóÿÿÿ%,8Ÿ D ÿµÌýÿÿ_·O:;È‚Íæÿÿÿ%S7Ÿ j ÿµ”üÿÿèÙ“ ƒÄé’æÿÿ•ÃŠÃöØÀƒàHé—õÿÿEäj
PÿŸ À„Ãíÿÿéôÿÿˆ…œþÿÿVPÿ5œ6Ÿ èd™ ƒÄ…œþÿÿé› èÁ¥ YP_YèÏ 1Çé#ðÿÿ_^[ÉÃèš* j™Y÷ù€ÂaˆC9óé÷ U‹ìƒì@VEðÿ5L8Ÿ Pÿ%Å7Ÿ ÿŸ …À…¡çÿÿéWñÿÿ‰Uì‰}è‰]üèúïÿÿ
À„\úÿÿéÒëÿÿMÐè ‰EØ¡ÄuŸ ‰EÜSSëvÿ5¼}Ÿ YéåÿÿˆÜvŸ VPÿœ~Ÿ 9Øÿ%k7Ÿ è* +ÒjY÷ñÿ4•V4Ÿ …˜üÿÿÿ%¾4Ÿ U‹ìQ¡ÄuŸ …À„vüÿÿéjüÿÿh ÿµÌýÿÿÿØ}Ÿ À…Uèÿÿÿ%ý5Ÿ SSÿô}Ÿ ‰Eà9]Øÿ%'6Ÿ …ùðÿÿÿ%ý7Ÿ ÿEðƒÆƒ}ð‚{ é_êÿÿÿu”ÿh}Ÿ …À…× éÉ ÿµpÿÿÿèœ Y‹ø‰½lÿÿÿ9ßé÷ÿÿÃWÿuüÿ53Ÿ ÿuøèSÓ YYPéðâÿÿ8ÔuŸ „Tóÿÿÿ%8Ÿ ‰5{Ÿ ¢ÔuŸ ¾
…œþÿÿVPÿ%˜6Ÿ è
ãÿÿÿ5{Ÿ X+É ÿ%t6Ÿ èxá ‰eè‰ã‰*ýÿÿWÿv(SèB› ƒÄé=üÿÿèœôÿÿ‹Èè ‰ ‰…$þÿÿPèä™ YP_‰½þÿÿÿ% 6Ÿ ÿu”ÿ0Ÿ WèA— Yj
ÿuäÿ%5Ÿ ƒÀ€8 …>êÿÿé`îÿÿP¡{Ÿ 
Pèäž YYè9
9{Ÿ … ÿ%l6Ÿ 2ÀÃMüÿéFëÿÿ‹6é8 ƒ=,{Ÿ …Ïáÿÿéð÷ÿÿUT]ìÈ SVW‹ù1Ûé´ýÿÿ‰Èýÿÿ~ÿ7^‰µÐýÿÿ;÷„‘æÿÿÿ%E5Ÿ è÷áÿÿ…4þÿÿPÿø|Ÿ ‰…þÿÿéòÿÿ‰ÖƒÆ‹ÆƒÀ$üÿ%â4Ÿ ÿw(è1* Vèè˜ Ñàf‰G,Vèܘ @Pÿ%¡3Ÿ è¦áÿÿ¡{Ÿ )É ;0ÿ%Ê4Ÿ PVÿŸ À…Œ÷ÿÿÿ%34Ÿ è¹èÿÿ„À„þåÿÿé(úÿÿÿuØé®öÿÿˆ0þÿÿÿµ(þÿÿÿŒ~Ÿ 80þÿÿ…ûîÿÿÿ%ï6Ÿ jÿSEÜPjÿ%#6Ÿ ¡{Ÿ À„ýáÿÿéñáÿÿSE˜Ph €ÿŸ …À…ÆçÿÿéèôÿÿÉ öØÀ8ÿÿÿ÷Ð!Èÿ%÷6Ÿ hÛ½@XÃSh {Ÿ SSPÿ*~Ÿ é0îÿÿEüh({Ÿ ^PEðVPÿ%q5Ÿ SèÛ— Ñàf‰G8SèÏ— @ÿ%3Ÿ *À_[þ„Aäÿÿÿ%]5Ÿ ìä
SVW‰eè1Û‰]Ô‰]Ü+À}àéTëÿÿYP_Yècÿÿÿøÿ%A3Ÿ P‹Eô÷ØÀ
øPÿŸ ÀéÀåÿÿè&àÿÿ‰pÿÿÿÿ5U3Ÿ …tÿÿÿPèÐ ÿ%q3Ÿ ÿµpÿÿÿWÿµhÿÿÿS…tÿÿÿPÿ%ú4Ÿ è’óÿÿ
À…¶èÿÿéåôÿÿPE¤j?Pè,› ƒÄE¤ˆ]ãPSÿ%ó6Ÿ ÿ~Ÿ H„Öøÿÿéîÿÿù3333„~ïÿÿé¤æÿÿŒêúÿÿéCàÿÿÿ{Ÿ èSñÿÿPÿ\{Ÿ éÖëÿÿYÃÿuüÿˆ}Ÿ ‰]üÿEøƒEðƒ}ø‚£òÿÿéùôÿÿè’æÿÿ„À„ªùÿÿéæõÿÿ…4þÿÿPÿà|Ÿ ‹ð‰µ(þÿÿƒþÿ„ÕýÿÿéMüÿÿ^ÃÇEü èI· ƒÄƒ=({Ÿ …›Þÿÿéºüÿÿ‹Mü²
èOòÿÿ
À„éôÿÿéÄ f9„“üÿÿÿ%û6Ÿ ƒ}ü
….þÿÿÿ%Î4Ÿ Sÿuôÿ¬~Ÿ ;ã{Ÿ …Òáÿÿéôÿÿè²Î YYèŸÞÿÿƒ=({Ÿ …+Þÿÿÿ%ë6Ÿ EÜÿ55Ÿ Pè‰Î YYèµÞÿÿPéîäÿÿ…pÿÿÿPW…hÿÿÿPS…tÿÿÿPÿu”ÿH}Ÿ ÿ%s7Ÿ „©èÿÿéØÞÿÿèyÞÿÿPèðÿÿPEèPÿ%û2Ÿ ÿujVÿŸ €}þ „[ïÿÿéeãÿÿ9Ç‚•âÿÿéÐîÿÿÿ5ê4Ÿ E˜PèþÍ YYE”Ph  éÅüÿÿ‰œˆ ³
è¥üÿÿŠÃ^[ÃèÒ… Æ…`ÿÿÿ
Wèæ” Yt0
ÿ%¯5Ÿ ‹uà9Þ„6âÿÿétëÿÿ„/ûÿÿé“öÿÿ=±yâ´…|øÿÿéßÿÿhðxŸ ÿ5{Ÿ ÿ¨~Ÿ ˆôyŸ Vÿ%R4Ÿ ÿuÿø~Ÿ P^ƒÆ‹ÆƒÀ$üè×Û ‹üÿ%8Ÿ èNÍ Y‰EüYéÊñÿÿ‹
{Ÿ 3À…É„‚àÿÿÿ%e3Ÿ 8Xÿÿÿ„Ãúÿÿÿ%ˆ6Ÿ ~‹7‰µÐýÿÿ9þ„Œáÿÿéïÿÿ3øWÿ5Q3Ÿ ÿuøèóÌ YYPE¤ÿ%¢4Ÿ PèáÌ ƒÄ…HÿÿÿPè1èÿÿPÿ%—5Ÿ AƒÂƒù<Œ5ôÿÿé-åÿÿÿuØÿˆ}Ÿ 9]à„æÿÿÿ%ò4Ÿ Pÿu”ÿH}Ÿ …À…çùÿÿéÀöÿÿEüPh  E¤Sÿ%õ7Ÿ ‚†ìÿÿÿ%i5Ÿ Wÿv0Pè¼” ÿµœýÿÿÿ%¹3Ÿ PEÜSPÿuðÇEô
ÿH}Ÿ ÀéŸêÿÿì\ SVW‰eèè»çÿÿ
À„3åÿÿéUàÿÿVè1“ Ñàf‰G@Vè%“ @PVÿwDÿ% 8Ÿ ÇEü
‰þÿÿÿµ þÿÿX+Çÿµþÿÿ^9ƃ âÿÿÿ%4Ÿ „Nàÿÿÿ%I5Ÿ ¡{Ÿ …À„wóÿÿéáÿÿVhc7Ÿ ÿuøè¥Ë YYPÿ%Þ4Ÿ 9؉A„9ôÿÿÿ%»5Ÿ YY…pÿÿÿPSSS…tÿÿÿÿ%I3Ÿ

Thanks in advance!

 

Whats the next step after creating the windows.txt?

Thx
Geist

 

Hello,

i already fixed the hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 02:04:23, on 12.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programme\ICQPlus\vplus.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQ\Icq.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\MyStuff\Programme\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37902.5721875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab


Used CWShredder, Adaware and Spybot and its still coming.

Here is the windows.txt

regf




*
P + ÿÿ C:\WINDOWS\system32\reg.exe ôw  @
ÿÿ C:\WINDOWS\System32\ntdll.dll -‚± hbin  INDOWS\system32\MPRA¨ÿÿÿnk, ì–fÆŠYÄ
ÿÿÿÿ ÿÿÿÿÿÿÿÿ ø x ÿÿÿÿ 0 >  Windows ÿÿÿsk x x
Ô
„¸ È   ¤    
  !  €
  !  ? 
    
    ? 

  

  


  

 Øÿÿÿvk >


fùAppInit_DLLsÖæG¸ÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ w i n c i o . d l l E ~ 1  h
Ðÿÿÿvk  

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  _£ûóðÿÿÿ9 0  è( Ðÿÿÿvk  €' 
zGDIProcessHandleQuota"þàÿÿÿvk  €

°ºSpooler2ðÿÿÿy e s ð  h
à
0 ` ¨ àÿÿÿvk  €

=pswapdiskÐÿÿÿvk  

R¿TransmissionRetryTimeoutàÿÿÿh
à
0 ` ¨ È  Ðÿÿÿvk  €' 
USERProcessHandleQuota ¸ ð @    C:\WINDOWS\system32\NETAPI32.dll òv Ð @

 C:\WINDOWS\system32\WLDAP32.dll *v P
@ 
 C:\WINDOWS\system32\ATL.DLL w * @    C:\WINDOWS\system32\ole32.dll w ° @    C:\WINDOWS\system32\OLEAUT32.dll äv Ð @    C:\WINDOWS\system32\rtutils.dll ·q 
@ 
 C:\WINDOWS\system32\SAMLIB.dll bv P @ 
 C:\WINDOWS\system32\SETUPAPI.dll êv p @    C:\WINDOWS\system32\RASAPI32.dll åv 
@    C:\WINDOWS\system32\rasman.dll

I also downloaded this "Hiving" Program, but i dont know which .dll is the evil one. Id appreciate any help. Thx