Bitte schaut einmal mein HijackThis und escan logfile durch!

Makkus · 12.06.2005, 12:46

Hallo liebe boardies!

Ich habe leider vergessen, wie ich die störenden Einträge aus meinem escan-Logfile und HijackThis los werde.
Wer kann mir ein kleine Auffrischung geben?

Danke Makkus

Logfile of HijackThis v1.99.0
Scan saved at 13:39:03, on 12.06.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAMME\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\ROXIO\WINONCD 5 PE\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DIT.EXE
C:\WINDOWS\DITEXP.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAMME\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\1031\MSOFFICE.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\TSMSVC.EXE
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
C:\EIGENE DATEIEN\MARKUS\DOWNLOADS\SPYWARE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAMME\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMME\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ASE Scheduler.lnk = C:\Programme\Windows Media Player\dlimport.exe

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\ACD Systems\PlugIns2\ijl11.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB99C991-C5B4-11D1-AFFA-00A024E9CDB2}" refers to invalid object "C:\PROGRAMME\ADAPTEC\SHARED\ECDC ENGINE\ACMWRAPPERSERVER.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00020D05-0000-0000-C000-000000000046}" refers to invalid object "outex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB7DF450-F119-11CD-8465-00AA00425D90}" refers to invalid object "C:\Programme\Microsoft Office\Office\". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C5-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C6-AE47-11D1-9975-00805F8AC636}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C7-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{744C3DF0-DFAE-11D1-826B-00805F2AB103}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CB-AE47-11D1-9975-00805F8AC63E}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CC-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C8-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "EDPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62845280-4FE2-11D1-8EAC-00805FD26FAA}" refers to invalid object "LIPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EF56D61-A50F-11ce-B105-0000C04B2D52}" refers to invalid object "C:\Programme\Network Associates\VirusScan\S95EXT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5271D66-CA03-4d51-B035-3E8AFA1EFB76}" refers to invalid object "C:\PROGRAMME\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVRESC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{900C8CEE-C23A-2B01-5034-AF65A2382D27}" refers to invalid object "___.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D3E91FB-1C16-4D09-B1AB-41961FEDE58F}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06A24C79-76DF-4AAE-B88F-2E736CFD7E3C}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62B6C349-236F-40FC-AD58-CC277ADA26A0}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA7A2435-FDB9-4C97-B5A4-ECA4C2BB3F16}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{82132CCA-02BC-41C2-8191-97E9AEAAB4C5}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE3355E3-6840-4D96-A364-AAF243B41DBC}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B88AA92-D497-443D-9141-7571FE380D9C}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D6FA14C4-AFD6-4F8B-A22C-0395AA11CA99}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: No Action Taken.

chaosman · 12.06.2005, 17:05

@Makkus
im logfile sehe ich nichts besonderes,
welche einträge stören dich?

du kannst gegen altnet spybot
downloaden und updaten, dann scannen lassen
benütze auch bitte der aktuelle version von HJT

http://www.hijackthis.de/

chaosman

Makkus · 12.06.2005, 19:42

Hallo Chaosman!

Vielen Dank für die Hinweise.
Ich werde es mit spybot versuchen.
Mit Ad-Aware hatte ich bis jetzt keinen Erfolg.

Ein Glück, dass es escan gibt.

Makkus

Bitte schaut einmal mein HijackThis und escan logfile durch!

Log-Analyse und Auswertung: Bitte schaut einmal mein HijackThis und escan logfile durch!