Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bitte schaut einmal mein HijackThis und escan logfile durch! (https://www.trojaner-board.de/18868-bitte-schaut-einmal-hijackthis-escan-logfile.html)

Makkus 12.06.2005 12:46
Bitte schaut einmal mein HijackThis und escan logfile durch!
 
Hallo liebe boardies!

Ich habe leider vergessen, wie ich die störenden Einträge aus meinem escan-Logfile und hijackthis los werde.
Wer kann mir ein kleine Auffrischung geben?

Danke Makkus

Logfile of HijackThis v1.99.0
Scan saved at 13:39:03, on 12.06.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAMME\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\ROXIO\WINONCD 5 PE\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DIT.EXE
C:\WINDOWS\DITEXP.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAMME\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAMME\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\1031\MSOFFICE.EXE
C:\PROGRAMME\T-DSL SPEEDMANAGER\TSMSVC.EXE
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
C:\EIGENE DATEIEN\MARKUS\DOWNLOADS\SPYWARE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAMME\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMME\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ASE Scheduler.lnk = C:\Programme\Windows Media Player\dlimport.exe

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\ACD Systems\PlugIns2\ijl11.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB99C991-C5B4-11D1-AFFA-00A024E9CDB2}" refers to invalid object "C:\PROGRAMME\ADAPTEC\SHARED\ECDC ENGINE\ACMWRAPPERSERVER.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00020D05-0000-0000-C000-000000000046}" refers to invalid object "outex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB7DF450-F119-11CD-8465-00AA00425D90}" refers to invalid object "C:\Programme\Microsoft Office\Office\". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C5-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C6-AE47-11D1-9975-00805F8AC636}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C7-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{744C3DF0-DFAE-11D1-826B-00805F2AB103}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CB-AE47-11D1-9975-00805F8AC63E}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CC-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C8-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "EDPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62845280-4FE2-11D1-8EAC-00805FD26FAA}" refers to invalid object "LIPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EF56D61-A50F-11ce-B105-0000C04B2D52}" refers to invalid object "C:\Programme\Network Associates\VirusScan\S95EXT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5271D66-CA03-4d51-B035-3E8AFA1EFB76}" refers to invalid object "C:\PROGRAMME\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVRESC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{900C8CEE-C23A-2B01-5034-AF65A2382D27}" refers to invalid object "___.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D3E91FB-1C16-4D09-B1AB-41961FEDE58F}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06A24C79-76DF-4AAE-B88F-2E736CFD7E3C}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62B6C349-236F-40FC-AD58-CC277ADA26A0}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA7A2435-FDB9-4C97-B5A4-ECA4C2BB3F16}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{82132CCA-02BC-41C2-8191-97E9AEAAB4C5}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE3355E3-6840-4D96-A364-AAF243B41DBC}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B88AA92-D497-443D-9141-7571FE380D9C}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D6FA14C4-AFD6-4F8B-A22C-0395AA11CA99}" refers to invalid object "C:\WINDOWS\SYSTEM\MCICDB.DLL". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: No Action Taken.

chaosman 12.06.2005 17:05
@Makkus
im logfile sehe ich nichts besonderes,
welche einträge stören dich?

du kannst gegen altnet spybot
downloaden und updaten, dann scannen lassen
benütze auch bitte der aktuelle version von HJT ;)
http://www.hijackthis.de/

chaosman

Makkus 12.06.2005 19:42
Hallo Chaosman!

Vielen Dank für die Hinweise.
Ich werde es mit spybot versuchen.
Mit Ad-Aware hatte ich bis jetzt keinen Erfolg.

Ein Glück, dass es escan gibt.

Makkus


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131