Virus/Trojan?? how to remove?
27.02.2007, 12:59 | #1
Virus/Trojan?? how to remove?

Hi! I already wrote a similar post once, but in the end apparently nobody could help me. Here are the report from "Sophos" and a HijackThis log file. I hope this helps and you can maybe help me or tell me how to proceed.

Sophos report:

Sophos Anti-Virus Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 223589 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, Sophos - anti-virus and anti-spam software for businesses

System time 00:02:37, System date 24 February 2007

Command line qualifiers are: -di -remove -f -all -mime -mbr -noc -archive -opt=ISCabinet --stop-scan

IDE directory is: c:\AV-CLS\Sophos
Using IDE file lager-u.ide
Using IDE file agentdww.ide
Using IDE file bagdl-cj.ide
Using IDE file banl-avp.ide
Using IDE file bgldl-ca.ide
Using IDE file bho-be.ide
Using IDE file blic-a.ide
Using IDE file limpne-a.ide
Using IDE file bront-cr.ide
Using IDE file zasran-h.ide
Using IDE file clagg-ax.ide
Using IDE file clagr-ay.ide
Using IDE file delbot-g.ide
Using IDE file delbot-h.ide
Using IDE file delf-elf.ide
Using IDE file zapch-cx.ide
Using IDE file dloa-akq.ide
Using IDE file dloa-atg.ide
Using IDE file dlod-atw.ide
Using IDE file dolla-cm.ide
Using IDE file dref-ac.ide
Using IDE file dref-ae.ide
Using IDE file dref-q.ide
Using IDE file lookd-ca.ide
Using IDE file ds070219.ide
Using IDE file ds070220.ide
Using IDE file ds070221.ide
Using IDE file ds070222.ide
Using IDE file ds070223.ide
Using IDE file sohana-g.ide
Using IDE file soad-c.ide
Using IDE file fujac-aa.ide
Using IDE file fujack-i.ide
Using IDE file murlo-ek.ide
Using IDE file fujack-r.ide
Using IDE file fujack-z.ide
Using IDE file piggi-b.ide
Using IDE file iframe-b.ide
Using IDE file pitin-a.ide
Using IDE file zlob-zp.ide
Using IDE file lazy-a.ide
Using IDE file tileb-iw.ide
Using IDE file spy-ul.ide
Using IDE file psyme-dz.ide
Using IDE file poebo-kg.ide
Using IDE file sillyf-r.ide
Using IDE file sdbt-czq.ide
Using IDE file looke-ar.ide
Using IDE file rbot-gfk.ide
Using IDE file spamto-u.ide
Using IDE file rbot-gep.ide
Using IDE file pulcer-a.ide
Using IDE file poebo-ke.ide
Using IDE file rbot-gdc.ide
Using IDE file rbot-fwl.ide
Using IDE file rbot-gdb.ide
Using IDE file rbot-ful.ide
Using IDE file ircbo-ub.ide
Using IDE file rbot-gci.ide
Using IDE file fujack-p.ide
Using IDE file gampas-h.ide
Using IDE file dwnl-gag.ide
Using IDE file ds070209.ide
Using IDE file lookd-bw.ide
Using IDE file sdb-dlc.ide
Using IDE file dldr-atd.ide
Using IDE file bront-cp.ide
Using IDE file mooler-b.ide
Using IDE file dwn-gai.ide
Using IDE file msnvb-d.ide
Using IDE file lookd-bu.ide
Using IDE file strat-cu.ide
Using IDE file tileb-ip.ide
Using IDE file cimu-ca.ide
Using IDE file zapch-cw.ide
Using IDE file line-aiv.ide
Using IDE file look-bx.ide
Using IDE file zlob-zt.ide

Full Scanning

Could not open c:\Dokumente und Einstellungen\"name"\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\"name"\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\WINDOWS\system32\CatRoot2\edb.log
Could not open c:\WINDOWS\system32\CatRoot2\tmp.edb
Could not open c:\WINDOWS\system32\config\system.LOG
>>> Virus 'Troj/Cimuz-BW' found in file c:\WINDOWS\system32\rsvp32_2.dll
Removal failed
>>> Virus 'Troj/Dorf-Fam' found in file c:\WINDOWS\system32\wincom32.sys
Removal successful
Could not check d:\RECYCLER\S-1-5-21-1757981266-1960408961-725345543-1004\Dd9.exe\SfxArchiveData\Sarc0000 (corrupt)

1 master boot record swept.
37687 files swept in 37 minutes and 29 seconds.
10 errors were encountered.
2 viruses were discovered.
2 files out of 37687 were infected.
Please send infected samples to Sophos for analysis.
For advice consult Sophos - anti-virus and anti-spam software for businesses, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.

HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:42:08, on 22.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\Fast.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\DOKUME~1\HENRIK~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Trojaner-Board - powered by Trojaner-Board
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Trojaner-Board - powered by Trojaner-Board
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Trojaner-Board - powered by Trojaner-Board
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Trojaner-Board - powered by Trojaner-Board
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

Hope that helps.
Regards, Memoryx
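The two logs in the post above are the kind of output a helper has to cross-read by hand: the Sophos report says which files were detected and whether removal worked, and the HijackThis log says which of those files are still referenced by autostart entries, browser hooks or the Winsock LSP chain. The script below is an added example, not code from the thread or from either tool; it parses a constructed excerpt of both logs (lines copied from the post) and lists, for each Sophos detection, the HijackThis sections that still point at that file. The file name regex and the "needs attention" rule are my own simplifications, not part of either tool's format specification.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpts, copied from the Sophos report and HijackThis log posted above.
# Raw strings keep the Windows backslashes intact.
SOPHOS_REPORT = r"""
>>> Virus 'Troj/Cimuz-BW' found in file c:\WINDOWS\system32\rsvp32_2.dll
Removal failed
>>> Virus 'Troj/Dorf-Fam' found in file c:\WINDOWS\system32\wincom32.sys
Removal successful
Could not check d:\RECYCLER\S-1-5-21-1757981266-1960408961-725345543-1004\Dd9.exe\SfxArchiveData\Sarc0000 (corrupt)
2 viruses were discovered.
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Sophos 4.x prints a detection line followed, on the next line, by the removal result.
DETECTION_RE = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
REMOVAL_RE = re.compile(r"^Removal (?P<status>successful|failed)$")
# Files the scanner could not open or check were never inspected at all.
SKIPPED_RE = re.compile(r"^Could not (?:open|check) (?P<path>.+?)(?: \(\w+\))?$")
# HijackThis lines look like "O4 - <body>"; the section code says what kind of hook it is.
HJT_LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.+)$")
# Simplified (assumed) file-name matcher: last path component ending in a PE/driver extension.
FILENAME_RE = re.compile(r"[\w\-~.]+\.(?:dll|exe|sys|ocx)\b", re.IGNORECASE)


def parse_sophos(report):
    """Return one dict per detection: threat name, full path, and whether removal succeeded."""
    detections = []
    for line in report.splitlines():
        line = line.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"name": m["name"], "path": m["path"], "removed": None})
            continue
        m = REMOVAL_RE.match(line)
        if m and detections and detections[-1]["removed"] is None:
            detections[-1]["removed"] = m["status"] == "successful"
    return detections


def skipped_paths(report):
    """Paths the scanner reported as unopenable or unscannable (blind spots in the scan)."""
    return [m["path"] for m in map(SKIPPED_RE.match, map(str.strip, report.splitlines())) if m]


def parse_hijackthis(log):
    """Return one dict per HijackThis entry with the section code and the file names it mentions."""
    entries = []
    for line in log.splitlines():
        m = HJT_LINE_RE.match(line.strip())
        if not m:
            continue
        files = {f.lower() for f in FILENAME_RE.findall(m["body"])}
        entries.append({"section": m["section"], "body": m["body"], "files": files})
    return entries


def correlate(detections, entries):
    """For each Sophos detection, list the HijackThis entries that still reference the same file.

    A detection needs follow-up when removal failed or when a HijackThis entry still names the
    file: an O4 entry would relaunch it at logon, and an O10 entry means the file is registered
    as a Winsock LSP, so deleting the DLL alone leaves the LSP chain broken ("missing" in the log)
    until the LSP registration is repaired as well.
    """
    findings = []
    for det in detections:
        base = PureWindowsPath(det["path"]).name.lower()
        hits = [e for e in entries if base in e["files"]]
        findings.append({
            "file": base,
            "threat": det["name"],
            "removed": det["removed"],
            "hjt_sections": [e["section"] for e in hits],
            "needs_attention": (not det["removed"]) or bool(hits),
        })
    return findings


if __name__ == "__main__":
    results = correlate(parse_sophos(SOPHOS_REPORT), parse_hijackthis(HIJACKTHIS_LOG))
    for r in results:
        flag = "FOLLOW UP" if r["needs_attention"] else "ok"
        print(f"{flag:9} {r['file']:16} {r['threat']:16} removed={r['removed']} hjt={r['hjt_sections']}")
    for p in skipped_paths(SOPHOS_REPORT):
        print("not scanned:", p)
```

Run against the excerpt, the script flags rsvp32_2.dll (removal failed, still registered in the O10 LSP entry) and clears wincom32.sys (removed, no remaining reference); it also lists the RECYCLER archive the scanner could not check, which is a gap in coverage rather than a clean result.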
27.02.2007, 17:46 | #2
Virus/Trojan?? how to remove?

Hello,
from the look of it a backdoor trojan was active on your system.

Quote:

Quote:

Regards