http://213.159.117.134/index.php

ramz

Diese Seite wird bei mir immer im IE geöffnet, wenn ich ins Internet will.
Danach rebelliert auch gleich mein Virenscanner (AntiVir) und meldet mir mehrere Trojaner. Was kann ich machen? Hier ist mal der Logfile aus Hijack This:

Logfile of HijackThis v1.97.7
Scan saved at 16:29:39, on 31.10.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\TikTo.exe
C:\WINDOWS\System32\phqghume.exe
C:\WINDOWS\System32\OfficeGUI32.exe
C:\Dokumente und Einstellungen\Wolfgang Zink\Anwendungsdaten\isra.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Wolfgang Zink\Eigene Dateien\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=136299
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Update] phqghume.exe
O4 - HKLM\..\Run: [Remote Procedure Call For Windows 32bit.] rpc.exe
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [MS Office32 Startup] OfficeGUI32.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ngl] C:\WINDOWS\ngl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] phqghume.exe
O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [MS Office32 Startup] OfficeGUI32.exe
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [Microsoft Update] phqghume.exe
O4 - HKCU\..\Run: [MS Office32 Startup] OfficeGUI32.exe
O4 - HKCU\..\Run: [Aaee] C:\Dokumente und Einstellungen\Wolfgang Zink\Anwendungsdaten\isra.exe
O4 - Global Startup: Brockhaus-Direktsuche.lnk = C:\Programme\Brockhaus Multimedia\Brockhaus multimedial\PGBMM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv65/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...22c1007aedefb3
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1E43F28-16A5-49AF-B713-305F3CC3D21F}: NameServer = 217.237.149.225 217.237.151.97

Danke mal im Voraus....