Hallo, ich weiß nicht genau was ich mir da eingefangen hab, aber vielleicht könnt ihr mir ja helfen es wieder loszuwerden ...

hier ist das hijackthis-log:

Logfile of HijackThis v1.99.1
Scan saved at 09:58:01, on 20.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Norton Personal Firewall\IAMAPP.EXE
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\AntiVir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\cstr.exe
C:\Programme\AntiVir\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVir\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Norton Personal Firewall\NISSERV.EXE
C:\Programme\Norton Personal Firewall\SymProxySvc.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\Programme\Opera7\opera.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Trish\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...ount_id=158290
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...ount_id=158290
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=158290
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [winmgr.exe] scvhost.exe
O4 - HKLM\..\Run: [aK7BCbCj] C:\WINDOWS\njtxsyh.exe
O4 - HKLM\..\Run: [Norton Update] cUpdate.exe
O4 - HKLM\..\Run: [l4PLAfV] C:\WINDOWS\njtxsyh.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [xwd] C:\WINDOWS\xwd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AntiVir\AVGNT.EXE /min
O4 - HKLM\..\Run: [regmgr32nt] msbin32.exe
O4 - HKLM\..\Run: [nvsv32.exe] cstr.exe
O4 - HKLM\..\RunServices: [winmgr.exe] scvhost.exe
O4 - HKLM\..\RunServices: [Norton Update] cUpdate.exe
O4 - HKLM\..\RunServices: [regmgr32nt] msbin32.exe
O4 - HKLM\..\RunServices: [nvsv32.exe] cstr.exe
O4 - HKLM\..\RunOnce: [nvsv32.exe] cstr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [regmgr32nt] msbin32.exe
O4 - HKCU\..\Run: [nvsv32.exe] cstr.exe
O4 - HKCU\..\RunServices: [regmgr32nt] msbin32.exe
O4 - HKCU\..\RunOnce: [nvsv32.exe] cstr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108888358983
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B6DBFD7-AFDB-40CC-A966-86A638AE78FC}: Domain = lop.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{97D40DB0-6AFF-4B4F-96E7-EAE3A5C009BB}: NameServer = 139.30.8.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uni-rostock.de
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B6DBFD7-AFDB-40CC-A966-86A638AE78FC}: Domain = lop.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uni-rostock.de
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AntiVir\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\minixampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe


danke schön
lg
rhaps

Hallo,

nur mal ein paar Beispiele von deinem extrem verseuchtem System:

Zitat:

O4 - HKLM\..\Run: [winmgr.exe] scvhost.exe

Siehe http://www.sophos.de/virusinfo/analy...2agobotpb.html

Zitat:

# Schaltet Antiviren-Anwendungen aus
# Verändert Daten auf dem Computer
# Stiehlt Daten
# Reduziert die Systemsicherheit
# Speichert Tastenfolgen
# Installiert sich in der Registrierung

Zitat:

O4 - HKLM\..\Run: [regmgr32nt] msbin32.exe

Siehe http://uk.trendmicro-europe.com/ente...WORM_SDBOT.AOO

Zitat:

This worm has backdoor capabilities. It connects to a remote IRC server and joins a specific IRC channel, where it listens for commands coming from a remote malicious user, such as the following:

* Perform basic IRC commands
* Perform basic FTP commands
* Scan ports
* Perform Ping, UDP, TCP, SYN, and ICMP flood attacks
* Execute, list, or terminate processes
* Open a remote command shell
* Download, search, or delete files
* Open FTP server
* Start up proxy server
* Send email
* Get system and network information
* Get Windows logon password
* List, start, or stop service
* Create, list, or delete user accounts
* Add, delete, list network shares
* Enable or disable DCOM
* Enable or disable anonymous login
* Flush DNS Cache

Kurz gesagt, dein System gehört nicht mehr dir, da jederzeit die Möglichkeit für Dritte bestand und noch besteht, das System fernzusteuern. Daraus resultiert diese logische Konsequenz, ein Neuaufsetzen deines Systems um wieder einen vertrauenswürdigen Zustand herzustellen. Siehe den Link in meiner Signatur.