oha..

Logfile of HijackThis v1.99.1

Scan saved at 12:31:28, on 19.06.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\D-Tools\daemon.exe
C:\WINNT\system32\internat.exe
C:\Programme\Winamp\winamp.exe
D:\Programme\Winmx\UL 0MX\WinMX.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) fastsearchweb.com/srh.php?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ab:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page er-mit-wem.webhop.net/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page websearchnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mcicdb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) globo-search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\DOKUME~1LOKALE~1\Temp\20041009\SERCH_~1.DLL (file missing)
O2 - BHO: - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\system32\H13E62~1.DLL (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Popup Blocker - {815A82AE-CDEF-11D8-BA48-A6D245798277}
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecust.dll (file missing)
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int51828.exe -auto
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\zp2b1yeu7lru7thd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LtcyCfgApply] "D:\Programme\Geforce Latency Tweaker\LtcyCfg.exe" /a
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\off2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Programme\preispirat\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted ]63.219.181.7[/url]
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - ]63.219.181.7/cax.cab[/url]
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!//greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!/v73.us/count//x.chm::/open.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!/82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{958976AA-C55F-47D1-89B7-36A5BDB1BF2B}: NameServer = 217.237.151.97 217.237.150.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA2F2CB-8F3E-4066-AB77-F4AF5F9EC64C}: NameServer = 69.50.188.178,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFBC2938-FA6C-4B5B-B0F9-E540230D28C3}: NameServer = 69.50.188.178,69.31.80.244
O18 - Filter: text/html - {C43F63FB-88DE-43ED-A14F-0F67F74B4E51} - C:\WINNT\system32\mcicdb.dll
O18 - Filter: text/plain - {C43F63FB-88DE-43ED-A14F-0F67F74B4E51} - C:\WINNT\system32\mcicdb.dll
O20 - AppInit_DLLs: 74x46vwre7i3.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINNT\SYSTEM32\GEARSEC.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Hallo,

führe dies aus -> http://www.trojaner-board.de/showpos...35&postcount=4.

btw:
Die beiden letzten Sätze treffen bei dir nicht zu.

...habe den neuen beitrag wohl falsch hier gepostet..

http://www.trojaner-board.de/showthr...849#post149849