TR/Small.Dld.FO. nicht loszuwerden

Batto

Hi an alle hier,
der Osterhase hat mir keine bunten Eier dafür aber den Trojaner TR/Small.Dld.FO gebracht.
AntiVir und Norton finden zwar ständig was und ich lösche auch immer kräftig, aber ich werde den Bastard nicht los. Habe mich schon ein wenig im Forum kundig gemacht und mit HijackThis ein Logfile erstellt.

Jetzt brauche ich Hilfe - Was muß ich nun fixen?
was nicht?

Logfile of HijackThis v1.97.7
Scan saved at 03:09:51, on 14.04.2002
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe
C:\Programme\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Programme\TotalRecorder\TotRecSched.exe
C:\Programme\Mouse\Amoumain.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Ad-aware 6\Ad-watch.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\System32\internat.exe
C:\WINNT\NCLAUNCH.EXe
C:\Programme\NetMeeting\conf.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\FRITZ!\FriFon32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
C:\Programme\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\cidaemon.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\a2\a2guard.exe
C:\Programme\a2\a2start.exe
C:\WINNT\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Download\Sicherheits - Tools\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://my.search/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://my.search/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {1E28EF32-589C-4E1B-B9C1-B4ECEA2F30DD} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NORTON~1\NORTON~3\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~3\defalert.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Programme\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\Norton SystemWorks\Norton Antivirus NT\POPROXY.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Programme\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AudioHQ] C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Ad-watch] C:\Programme\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Programme\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [a²] "C:\Programme\a2\a2guard.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programme\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Startup: ISDNWatch Filter.lnk = C:\Programme\FRITZ!\Iwfilter.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: FRITZ!fon.lnk = C:\Programme\FRITZ!\FriFon32.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Norton SystemWorks\Norton Antivirus NT\NAVAPW32.EXE
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.arcor.de
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!hxxp://66.117.38.54:80/iex/ofile.exe?url=hxxp://66.117.38.54:80/dexGB560.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/filesharing/activex/upload.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37634.5092013889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4310/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A82FB2D-9AFF-4219-B257-7791643D0D4E}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{58F42277-F3E8-4FE4-8E45-267A4DC5750A}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A82FB2D-9AFF-4219-B257-7791643D0D4E}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A82FB2D-9AFF-4219-B257-7791643D0D4E}: NameServer = 192.168.120.252,192.168.120.253


Bin über jede Hilfe dankbar