Hi^^
Da ich mir wieder sehr sicher bin, dass ich tausende trojaner und sonstiges zeuchs aufm pc hab, würde ich mich freuen, wenn einer mein HijackThis Log auswerten würde. Schonmal Danke :P

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:10:47, on 16.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Games\Steam\Steam.exe
c:\windows\system32\dwrszo.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Kevin\LOKALE~1\Temp\_tc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yzadfih] c:\windows\system32\dwrszo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Games\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOKUME~1\Kevin\LOKALE~1\Temp\nsxAF9.tmp"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4ABE30D-8167-401D-A790-BB80B31587F2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4ABE30D-8167-401D-A790-BB80B31587F2}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
_____________
Anm.
Aktive Links editiert!
Beachte zukünftig die Hinweise dieser Anleitung: HiJackThis.


LG Cidre
S-Mod TB

Ich würde dir raten, dein System zunächst mit Escan zu prüfen und uns dann die Ergebnisse mitzuteilen.

Das stand in der eScan_neu.txt:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jul 16 18:55:04 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:19 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:38 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:03:41 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\DrPMon[1].dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:04:30 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\svcproc[1].exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:05:06 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:12 2005 => Scanning File C:\Quarantäne\infected.log [**]
Sat Jul 16 19:45:13 2005 => File C:\Quarantäne\svcproc.exe.Vir infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.0 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.1 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.2 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.3 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.4 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:02:48 2005 => File

Die Virus Log Information ist unvollständig.
Poste nochmal die komplette Info.

Ups. Sorry^^ Nu ist hier das hoffentlich komplette:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jul 16 18:55:04 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:19 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 18:55:38 2005 => File c:\windows\system32\dwrszo.exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:03:41 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\DrPMon[1].dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:04:30 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\svcproc[1].exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:05:06 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Poller[1].exe infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:12 2005 => Scanning File C:\Quarantäne\infected.log [**]
Sat Jul 16 19:45:13 2005 => File C:\Quarantäne\svcproc.exe.Vir infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.0 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.1 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.2 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.3 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 19:45:14 2005 => File C:\Quarantäne\svcproc.exe.Vir.4 infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:02:48 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:10:45 2005 => File D:\Polaris\Download\Xray.exe infected by "HackTool.Win32.Xray.a" Virus! Action Taken: No Action Taken.
Sat Jul 16 20:33:29 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jul 16 18:55:21 2005 => File D:\Polaris\polaris.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
Sat Jul 16 19:03:00 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temp\nsvAE6.tmp tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
Sat Jul 16 19:03:22 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temp\VRV\aurareco.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
Sat Jul 16 19:04:09 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0VQFGHUD\aurora[1].exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
Sat Jul 16 19:05:04 2005 => File C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CTAJ8TYJ\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Sat Jul 16 19:07:37 2005 => File C:\Games\Drug Wars\DWTrainer.exe tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken.
Sat Jul 16 19:53:43 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
Sat Jul 16 20:07:28 2005 => File D:\downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Jul 16 20:09:28 2005 => File D:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Jul 16 20:10:25 2005 => File D:\Polaris\Addons\trsc-winamp_plugin__103.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sat Jul 16 20:10:49 2005 => File D:\Polaris\polaris.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
Sat Jul 16 20:22:37 2005 => File E:\Drugwars 1.3.1080.rar tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sat Jul 16 20:33:29 2005 => Total Virus(es) Found: 26
Sat Jul 16 20:33:29 2005 => Total Errors: 84
Sat Jul 16 20:33:29 2005 => Time Elapsed: 01:38:39
Sat Jul 16 20:33:29 2005 => Total Objects Scanned: 87710
Sat Jul 16 18:54:20 2005 => Virus Database Date: 2005/07/16
Sat Jul 16 20:33:29 2005 => Virus Database Date: 2005/07/16
Sat Jul 16 20:43:55 2005 => Virus Database Date: 2005/07/16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

@Phytagoras
Agent.db
hier ein paar infos
http://www.sophos.de/virusinfo/analy...ojagentdb.html
ich kann dir nur raten dein system neu aufzusetzen, da es sich um ein backdoor handelt.
hier eine anleitung http://www.trojaner-board.de/showpos...28&postcount=2


sry
chaosman

Gibts denn keine andere möglichkeit, dass ding wegzubekommen?