satmat.exe
 

Hi,

erstelle ein Hijack This Logfile und poste es mittels copy&paste:http://www.trojaner-board.de/51130-a...ijackthis.html Denk bitte daran, dass das Programm Hijack This in einem neuen Ordner unter C: laufen sollte, siehe dazu auch Hijack This

http://www.cosgan.net/images/smilie/sportlich/a050.gif
Gruß Gigamail

so:

Logfile of HijackThis v1.99.0
Scan saved at 22:28:17, on 08.02.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSMB32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FCH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programme\T-TeleSec Personal Security Service\Common\FAMEH32.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\auucqe.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
C:\Programme\T-TeleSec Personal Security Service\FSGUI\ispnews.exe
C:\WINNT\system32\internat.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-TeleSec Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.businessonline.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.businessonline.t-online.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.telekom.de/bo/firststart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-DSL Business
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem303.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINNT\system32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [fvkaby] C:\WINNT\system32\auucqe.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Gscmqk] C:\Program Files\Bfte\Gizjdi.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [BOL Master] F:\Setup.exe
O4 - HKLM\..\Run: [BusinessOnline Log] "C:\Programme\T-DSL Business\BOLog.exe"
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\defragfat32pi.exe
O4 - HKLM\..\Run: [RSPC Driver] rspc.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\T-TeleSec Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\T-TeleSec Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [RSPC Driver] rspc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RSPC Driver] rspc.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.businessonline.t-online.de
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B70AD9AA-003C-4D2D-B96C-D94377D0D729}: NameServer = 217.237.151.161 217.237.151.33
O23 - Service: T-Telesec Personal Security Service - Unknown - C:\PROGRA~1\T-TELE~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe

Hallo,

dein System ist dermassen von Spy-, Ad- und Malware durchzogen, dass nur ein Neuaufsetzen deines Systems als wirklich sichere Lösung in Frage kommt.

Unter anderem waren oder sind immer noch diese beiden Würmer mit Backdoor Funktionalität aktiv ->

http://www.windowspower.de/fileup/upload/10501.txt
http://startup.iamnotageek.com/srch-...t32pi.exe.html

Eine Anleitung findest du im Link in meiner Signatur.

ok, danke.
hab ich mir schon gedacht.. :schmoll: