Trojaner-Board (https://www.trojaner-board.de/), forum: Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Could someone look through my HJT log file? (https://www.trojaner-board.de/24588-koennte-jemand-hjt-log-file-durschauen.html)

Newcommer 16.12.2005 17:54

Could someone look through my HJT log file?
 
Logfile of HijackThis v1.99.1
Scan saved at 17:37:30, on 16.12.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Programme\0190 Warner\w0svc.exe
D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
d:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Jana2\janad.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Programme\FRITZ!DSL\FwebProt.exe
d:\Programme\T-DSL SpeedManager\tsmsvc.exe
d:\Programme\FRITZ!DSL\StCenter.EXE
C:\WINNT\system32\WISPTIS.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programme\Mozilla Firefox\firefox.exe
D:\*\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - D:\Programme\GMX\GMX Toolbar\toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [cFosDNT] REM C:\Programme\GMX Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [Cmaudio] REM RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [0190 Warner] D:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [ICQ Lite] REM d:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] REM ctfmon.exe
O4 - Startup: FRITZ!DSL Protect.lnk = D:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\apps\mso\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Star Downloader - D:\Programme\Star Downloader\sdie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\apps\mso\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\apps\mso\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EC05FDF-B1F9-41D2-B737-3A1BE3451EA6} (RDXSoftwareChatClient.RDXChatClient) - http://www.syz.de/rdxchat/rdxchatv2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123401536541
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08818599-FCF8-4FEE-A99D-22025EAA0BC7}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - D:\Programme\0190 Warner\w0svc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - C:\Programme\Jana2\janad.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - d:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Newcommer 18.12.2005 18:40

Hello,

attached is my eScan logfile, extracted with find.rar.

Could someone take a look at this?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:40:09 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with abetterinternet Spyware/Adware (bi.ini)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with whenu/savenow Spyware/Adware (wuinst.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with cydoor Spyware/Adware (im64.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with 007guard.com hijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:13 2005 => System found infected with cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.
Sat Dec 17 21:40:17 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Dec 17 21:40:21 2005 => System found infected with zipitpro Spyware/Adware (C:\WINNT\iun6002.exe)! Action taken: No Action Taken.
Sat Dec 17 23:33:47 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 17 23:33:47 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\AUDIOCONVERTER_SETUP.EXE.VIR
Sun Dec 18 00:01:50 2005 => File D:\*\wcamdog4.exe infected by "Trojan-Spy.Win32.Delf.jx" Virus! Action Taken: No Action Taken.
Sun Dec 18 00:18:09 2005 => File D:\*\Verlorene Dateien\Anwendungsdaten\Thunderbird\Profiles\seco08dx.default\Mail\Local Folders\*-Roland *.sbd\Posteingang infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Sun Dec 18 01:02:46 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:45:21 2005 => File C:\WINNT\system32\SplWbr.dll tagged as "not-a-virus:AdWare.Win32.VirtualBouncer.j". Action Taken: No Action Taken.
Sat Dec 17 21:54:56 2005 => File C:\WINNT\Downloaded Program Files\WUInst.dll tagged as "not-a-virus:AdWare.Win32.SaveNow.ab". Action Taken: No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\othread2.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 22:59:40 2005 => File C:\Programme\RealVNC\WinVNC\vnchooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
Sat Dec 17 23:25:27 2005 => File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sun Dec 18 00:00:55 2005 => File D:\*\vnc-3.3.7-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\powersearch !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\180solutions !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\dbi !!!
Sat Dec 17 21:40:11 2005 => Offending Key found: HKLM\Software\gnu !!!
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\iun6002.exe
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\bi.ini
Sat Dec 17 21:40:13 2005 => Offending Folder found: C:\WINNT\DOWNLO~1\conflict.1
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\DOWNLO~1\wuinst.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\im64.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\plugin.dll
Sat Dec 17 21:40:13 2005 => Offending file found: C:\WINNT\system32\cd_clint.dll
Sat Dec 17 21:40:14 2005 => Offending Folder found: C:\Programme\powersearch
Sat Dec 17 21:40:14 2005 => Offending Folder found: C:\Programme\password-finder
Sat Dec 17 21:40:17 2005 => Offending file found: C:\Dokumente und Einstellungen\* *.*1\Lokale Einstellungen\temp\outlook logging\firstrun.log
Sat Dec 17 21:40:21 2005 => Offending file found: C:\WINNT\iun6002.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Dec 18 01:02:46 2005 => Total Virus(es) Found: 27
Sun Dec 18 01:02:46 2005 => Total Errors: 437
Sun Dec 18 01:02:46 2005 => Time Elapsed: 03:22:56
Sun Dec 18 01:02:46 2005 => Total Objects Scanned: 166285
Sat Dec 17 21:30:47 2005 => Virus Database Date: 2005/12/12
Sat Dec 17 21:32:23 2005 => Virus Database Date: 2005/12/17
Sat Dec 17 21:38:34 2005 => Virus Database Date: 2005/12/17
Sun Dec 18 01:02:46 2005 => Virus Database Date: 2005/12/17
Sun Dec 18 07:06:11 2005 => Virus Database Date: 2005/12/17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

I also have these strange entries; what do they mean?

Entry "HKCR\CLSID\{FEAE0BEA-7182-43EA-B081-0715AD6F42F8}" refers to invalid object "C:\Programme\ICQ\ICQSystemMsgPlugin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FF51CB06-15AC-46AB-AEBC-090180B64223}" refers to invalid object "C:\Programme\ICQ\ICQStDlg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FF5C8342-F369-406A-8E17-3F97238181C3}" refers to invalid object "C:\PROGRA~1\ICQ\ICQEDI~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FFAE6E5C-1201-4F9C-82B6-F03184714FD2}" refers to invalid object "C:\Programme\ICQ\ICQSMS.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{002E7DA2-BA9E-11D1-B526-0060085C418E}" refers to invalid object "D:\Programme\Norton SystemWorks\Speed Disk\VolumeS.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{02926246-D3D1-11D1-B545-0060085C418E}" refers to invalid object "D:\Programme\Norton SystemWorks\Speed Disk\SDOptions.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307E43ED-E76F-11D3-BCDE-0004AC961EA6}" refers to invalid object "C:\Programme\ICQ\ICQOTLX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{30C7EED5-DC7A-11D3-BCDD-0004AC961EA6}" refers to invalid object "C:\Programme\ICQ\ICQOutL.dll". Action Taken: No Action Taken.


??????????


Copyright ©2000-2025, Trojaner-Board