hatte Viren und Trojaner und nun ..

[Mark_Xp]

Hallo Freunde,

mein system war total infestiert, habe es glaube ich gesaeubert, kann bitte ihr profis mal nachsehen ob da was noch laeuft? danke

Gruss
Mark

Logfile of HijackThis v1.99.0
Scan saved at 12:47:12 PM, on 1/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
CROGRA~1GrisoftAVGFRE~1avgamsvr.exe
CROGRA~1GrisoftAVGFRE~1avgupsvc.exe
Crogram FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSSystem32gearsec.exe
Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
Crogram FilesATI TechnologiesATI Control Panelatiptaxx.exe
Crogram FilesiTunesiTunesHelper.exe
Crogram FilesQuickTimeqttask.exe
Crogram FilesSynapticsSynTPSynTPLpr.exe
Crogram FilesSynapticsSynTPSynTPEnh.exe
Crogram FilesiPodbiniPodService.exe
C:WINDOWSSystem32hphmon05.exe
Crogram FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe
C:WINDOWSStealthControl.exe
Crogram FilesCommon FilesRealUpdate_OBrealsched.exe
Crogram FilesSlySoftCloneCDCloneCDTray.exe
Crogram FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
Crogram FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSsystem32carpserv.exe
CROGRA~1GrisoftAVGFRE~1avgcc.exe
Crogram FilesMessengermsmsgs.exe
Crogram FilesYahoo!Messengerypager.exe
Crogram FilesMicrosoft ActiveSyncWCESCOMM.EXE
Crogram FilesAdobeAcrobat 5.0DistillrAcroTray.exe
Crogram FilesYahooPOPsYahooPOPs.exe
Crogram FilesT-OnlineT-Online_Software_5Basis-SoftwareBasis2kernel.exe
Crogram FilesT-OnlineT-Online_Software_5Basis-SoftwareBasis2sc_watch.exe
CROGRA~1T-OnlineT-ONLI~1BASIS-~1Basis2PROFIL~1.EXE
CROGRAM FILESMOZILLA FIREFOXFIREFOX.EXE
COCUME~1MarkLOCALS~1TempTemporary Directory 1 for hijackthis.zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak =

Please, Anmelden or Registrieren to view URLs content!

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (Cocuments and SettingsMarkApplication DataMozillaProfilesdefaultqfv7pfo0.sltprefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (Cocuments and SettingsMarkApplication DataMozillaProfilesdefaultqfv7pfo0.sltprefs.js)
O4 - HKLM..Run: [ATIPTA] Crogram FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [iTunesHelper] Crogram FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [QuickTime Task] "Crogram FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Display Settings] Crogram FilesHPQNotebook Utilitieshptasks.exe /s
O4 - HKLM..Run: [SynTPLpr] Crogram FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] Crogram FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [HPHUPD05] crogram FilesHewlett-Packard{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe
O4 - HKLM..Run: [HPHmon05] C:WINDOWSSystem32hphmon05.exe
O4 - HKLM..Run: [RoxioEngineUtility] "Crogram FilesCommon FilesRoxio SharedSystemEngUtil.exe"
O4 - HKLM..Run: [RoxioDragToDisc] "Crogram FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe"
O4 - HKLM..Run: [Cpqset] Crogram FilesHPQDefault Settingscpqset.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [StealthControl] C:WINDOWSStealthControl.exe
O4 - HKLM..Run: [TkBellExe] "Crogram FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [PCDRealtime] C:WINDOWSrealtime.exe
O4 - HKLM..Run: [CloneCDTray] "Crogram FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 - HKLM..Run: [HP Software Update] "Crogram FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [lssas Monitoring Startup] lssas.exe
O4 - HKLM..Run: [ccApp] "Crogram FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [CARPService] carpserv.exe
O4 - HKLM..Run: [QT4HPOT] Crogram FilesHPQOne-TouchOneTouch.EXE
O4 - HKLM..Run: [Admilli Service] Crogram FilesAdmilli ServiceAdmilliServ.exe
O4 - HKLM..Run: [AVG7_CC] CROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..RunServices: [lssas Monitoring Startup] lssas.exe
O4 - HKCU..Run: [MSMSGS] "Crogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Yahoo! Pager] Crogram FilesYahoo!Messengerypager.exe -quiet
O4 - HKCU..Run: [MoneyAgent] "crogram FilesMicrosoft MoneySystemmnyexpr.exe"
O4 - HKCU..Run: [H/PC Connection Agent] "Crogram FilesMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU..Run: [lssas Monitoring Startup] lssas.exe
O4 - HKCU..RunServices: [] iexpl0res.exe
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = Crogram FilesAdobeAcrobat 5.0DistillrAcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = Crogram FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = Crogram FilesQuickenbillmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = Crogram FilesQuickenbagent.exe
O4 - Global Startup: Quicken Startup.lnk = Crogram FilesQuickenQWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///Crogram FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://CROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///Crogram FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///Crogram FilesYahoo!Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavaj2re1.4.2binnpjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavaj2re1.4.2binnpjpi142.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - Crogram FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Crogram FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Crogram FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Crogram FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Crogram FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

Please, Anmelden or Registrieren to view URLs content!

O17 - HKLMSystemCCSServicesTcpip..{73533EC7-7DBD-4773-988C-E7FC926B5B75}: NameServer = 217.237.151.97 217.237.150.33
O17 - HKLMSystemCS1ServicesTcpip..{73533EC7-7DBD-4773-988C-E7FC926B5B75}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: Ati HotKey Poller - Unknown - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - CROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - CROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - Crogram FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Gear Security Service - GEAR Software - C:WINDOWSSystem32gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - Crogram FilesiPodbiniPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - Crogram FilesNorton AntiVirusnavapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - Crogram FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - CROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe

 

[anonymum2]

Re: hatte Viren und Trojaner und nun ..

Hallo Mark_Xp

Diese einzeln fixen: Du weisst ja wie es jetzt geht.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [lssas Monitoring Startup] lssas.exe
O4 - HKLM\..\RunServices: [lssas Monitoring Startup] lssas.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [lssas Monitoring Startup] lssas.exe

 

[Mark_Xp]

Re: hatte Viren und Trojaner und nun ..

Hi rolfpower,

danke fuers durchschauen, bist du sicher ich muss die weg machen? ich dachte die werden benoetigt

Gruss
Mark

 

[anonymum2]

Re: hatte Viren und Trojaner und nun ..

Hallo Mark_Xp

Das ist ja der Clou Diese ausgesuchten Fehleinträge müssen weg,.
Wenn Du genau hinsiehst schreiben die Störenfriede wichtige Dateien um . Entwe der Buchstaben verdreher Grossbuchstaben, anstatt Klein. exe Dateien werden umbenannt und deshalb sind Deine ganzen Ausführungsdateien in der Registry = Verkehrsleitzentrale in Unordnung und deshalb funzt die Kiste nicht mehr. Auch wirst Du mit Reg-Supreme wahrscheinlich über hundert Einträge
finden,
die Komplett mit einem Rutsch gelöscht werden. Durch die Anwendung der richtigen Programme
ist dein System ja schon repariert worden. Jetzt muss nur noch der Abfall weg, damit keine Neuinfektion das System lahm legt. Dafür haben wir ja hier den Aufwand für Dich gemacht.

Gruss rolfpower