Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Hab eine Tojanisches Pferd und werd es nicht los! (https://www.trojaner-board.de/51675-hab-tojanisches-pferd-werd-los.html)

Nico-san 19.04.2008 07:40
Hab eine Tojanisches Pferd und werd es nicht los!
 
Hallo Leute!
Bin am verzweifeln weil ich das Trojanische Pferd einfach nicht los werde. Die Datei kann ich auch nicht löschen, dann sagt er mir das es von anderen Benutzern benutzt wird, dabei sind die garnicht angemeldet oder so.
C:\WINDOWS\system32\ljJCttQK.dll nennt mir AntiVir immer und immer wieder!
Ich hoffe einer kann mir weiterhelfen!
Eure, sehr verzweifelte, Nico-san

BataAlexander 19.04.2008 08:14
Deckards System Scanner (DSS)

Hier gibt es das Tool -> dss.exe

* Schließe alle Anwendungen
* Doppelklicke dss.exe um das Programm zu starten
* Wenn der Scan abgeschlossen ist wird sich ein Notepad mit dem Inhalt
der main.txt öffnen.
Ein weiteres Logfile, die extra.txt liegt im Verzeichnis
c:\Deckard\SystemScanner\extra.txt
* Kopiere den Inhalt der beiden Logfiles in diesen Thread, bitte als [CODE][/CODE]


Was Deckards System Scanner macht:

* Es Erstellt einen System Wiederherstellungspunkt
* es säubert die temporären Dateien, Downloaded Program Files, Internet
Cache Dateien und es leert den Mülleimer auf allen Laufwerken.

Nico-san 19.04.2008 08:45
Code:
Deckard's System Scanner v20071014.68
Run by Anna on 2008-04-19 09:34:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
74: 2008-04-19 07:34:49 UTC - RP138 - Deckard's System Scanner Restore Point
73: 2008-04-18 20:11:09 UTC - RP137 - Last known good configuration
72: 2008-04-18 20:10:59 UTC - RP136 - Systemprüfpunkt
71: 2008-04-18 20:10:58 UTC - RP135 - Systemprüfpunkt
70: 2008-04-18 20:10:58 UTC - RP134 - Systemprüfpunkt


-- First Restore Point --
1: 2008-04-18 20:10:47 UTC - RP65 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 09:36:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\Programme\Seekmo\bin\10.0.406.0\SeekmoSA.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Anna\Desktop\dss.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 80.190.241.30 home.edonkey.com
O1 - Hosts: 80.190.241.30 home.edonkey.com
O1 - Hosts: 80.190.241.30 home.edonkey.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2E713769FA4692A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Programme\Seekmo\bin\10.0.406.0\HostIE.dll
O2 - BHO: (no name) - {566620E0-C507-4D9E-B28A-50C06CD1A0DB} - C:\WINDOWS\system32\ljJCttQK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7B4B5C4A-0017-4912-B59D-842541B680F5} - C:\WINDOWS\system32\yayyXOif.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDS Viewer - {E2278F85-4584-4BEE-928C-600B38C385C1} - C:\WINDOWS\pdswin.dll (file missing)
O2 - BHO: (no name) - {FCBABDA2-801E-4F51-B6E8-0122032FB16B} - C:\WINDOWS\system32\jkkhifDu.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Programme\Seekmo\bin\10.0.406.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\GoogleToolbar1.dll
O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - C:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Programme\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Programme\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [7856f2fd] rundll32.exe "C:\WINDOWS\system32\lwimqici.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://icq.oberon-media.com//online/online2/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: jkkhifDu - C:\WINDOWS\system32\jkkhifDu.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 12272 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\programme\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S3 Boonty Games - "c:\programme\gemeinsame dateien\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-16 15:56:17      276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 08:05:40        8 --a------ C:\WINDOWS\system32\7856e073
2008-04-18 23:51:31    114016 --ahs---- C:\WINDOWS\system32\KQttCJjl.ini2
2008-04-18 23:51:27    274432 --a------ C:\WINDOWS\system32\ljJCttQK.dll
2008-04-18 22:10:36    116974 --ahs---- C:\WINDOWS\system32\fiOXyyay.ini2
2008-04-17 13:58:57        0 d-------- C:\Programme\TurboPizza_at
2008-04-17 08:33:24    200704 --a------ C:\WINDOWS\qtvglped.dll
2008-04-17 08:33:24    335872 --a------ C:\WINDOWS\omlbpkaw.dll
2008-04-17 08:33:23    38400 --a------ C:\WINDOWS\system32\jkkhifDu.dll
2008-04-17 08:33:22    98304 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-17 08:33:22    290816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-17 08:33:22    98304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-13 12:54:19        0 d-------- C:\Programme\BurgerShop_at
2008-04-13 12:54:01        0 d-------- C:\Programme\CakeMania2_at
2008-04-12 17:42:54    40960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2008-04-12 17:42:54        0 d-------- C:\Programme\FishTycoon_at
2008-04-12 17:42:27        0 d-------- C:\Programme\Deep Sea Tycoon_at
2008-04-12 17:41:54        0 d-------- C:\Programme\Lemonade Tycoon 2
2008-04-12 17:41:44        0 d-------- C:\Programme\ReflexiveArcade
2008-04-12 12:43:57        0 d-------- C:\Programme\HomeSweetHome_at
2008-04-12 12:39:45        0 d-------- C:\Programme\DeliciousDeluxe2_at
2008-04-11 14:29:09        0 d-------- C:\Programme\JanesHotelFamilyHero_at
2008-04-10 19:03:50        0 d-------- C:\Phenomedia AG
2008-04-07 19:15:31        0 d-------- C:\Programme\PlayFirst
2008-03-30 12:09:05        0 d-------- C:\Programme\Nanny Mania
2008-03-28 19:54:13        0 d-------- C:\Dokumente und Einstellungen\Anna\Contacts
2008-03-27 11:13:49        17 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 17:46:58        0 d--hs---- C:\WINDOWS\ftpcache
2008-03-19 17:10:43        0 d-------- C:\Programme\Safari
2008-03-19 17:08:38        0 d-------- C:\Programme\iPod
2008-03-19 17:07:43        0 d-------- C:\Programme\iTunes
2008-03-19 12:24:31        0 d-------- C:\Programme\Geheimnisse von London


-- Find3M Report ---------------------------------------------------------------

2008-04-18 23:31:59        0 d-------- C:\Programme\StepMania
2008-04-17 16:16:59        0 d-------- C:\Programme\eMule
2008-04-17 07:54:58        0 d-------- C:\Programme\ICQ6
2008-04-13 17:10:30        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\PlayFirst
2008-04-12 23:37:57    411266 --a------ C:\WINDOWS\system32\perfh007.dat
2008-04-12 23:37:57    72490 --a------ C:\WINDOWS\system32\perfc007.dat
2008-04-10 19:03:45        0 d--h----- C:\Programme\InstallShield Installation Information
2008-04-08 18:27:22        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Macromedia
2008-03-27 12:27:04        0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-03-23 20:10:48        0 d-------- C:\Programme\ICQLite
2008-03-21 00:16:18        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Apple Computer
2008-03-19 20:24:47        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Gaijin Ent
2008-03-19 17:05:37        0 d-------- C:\Programme\QuickTime
2008-03-18 23:19:57        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Zylom
2008-03-18 23:19:57        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Identities
2008-03-18 16:02:27        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Chicken Chase
2008-03-17 19:25:37        0 --a------ C:\Programme\temp01
2008-03-17 19:25:33        0 d-------- C:\Programme\bfgclient
2008-03-17 19:14:30        0 d-------- C:\Programme\Google
2008-03-17 19:13:58        0 d-------- C:\Programme\Zylom Games
2008-03-14 16:04:40        0 d-------- C:\Programme\Java
2008-03-10 14:30:03        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Adobe
2008-03-09 12:06:34        0 d-------- C:\Programme\Gemeinsame Dateien
2008-03-08 18:22:27        0 d-------- C:\Programme\Windows Live
2008-03-08 18:21:48        0 d-------- C:\Programme\Windows Live Toolbar
2008-03-06 15:53:28        0 d-------- C:\Programme\Microsoft SQL Server Compact Edition
2008-03-05 09:45:53        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Super-Cow
2008-03-05 09:13:47        0 d-------- C:\Dokumente und Einstellungen\Anna\Anwendungsdaten\Jane s Hotel
2008-03-03 19:36:17        0 d-------- C:\Programme\ICQToolbar
2008-02-17 15:49:43      4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-14 21:12:21      552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 18:47:48        0 --a------ C:\WINDOWS\nsreg.dat
2008-02-01 12:17:42    587776 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Fotogalerie>
2008-01-25 09:38:53      2368 --a------ C:\WINDOWS\system32\SVKP.sys <Not Verified; AntiCracking; SVKP driver for NT>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
26.11.2007 22:07        652552        --a------        C:\Programme\Seekmo\bin\10.0.406.0\HostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{566620E0-C507-4D9E-B28A-50C06CD1A0DB}]
18.04.2008 23:51        274432        --a------        C:\WINDOWS\system32\ljJCttQK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B4B5C4A-0017-4912-B59D-842541B680F5}]
                        C:\WINDOWS\system32\yayyXOif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2278F85-4584-4BEE-928C-600B38C385C1}]
                        C:\WINDOWS\pdswin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCBABDA2-801E-4F51-B6E8-0122032FB16B}]
17.04.2008 08:33        38400        --a------        C:\WINDOWS\system32\jkkhifDu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Programme\Seekmo\bin\10.0.406.0\HostIE.dll [26.11.2007 22:07 652552]

[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programme\Analog Devices\SoundMAX\SMTray.exe" [05.05.2003 09:57]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [23.11.2005 16:04]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [19.10.2005 19:19]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [17.04.2008 06:49]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [10.10.2007 07:28]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [16.05.2003 07:57]
"SeekmoOE"="C:\Programme\Seekmo\bin\10.0.406.0\OEAddOn.exe" [26.11.2007 22:07]
"SeekmoSA"="C:\Programme\Seekmo\bin\10.0.406.0\SeekmoSA.exe" [26.11.2007 22:10]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [11.07.2006 12:15]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [01.02.2008 00:13]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [19.02.2008 14:10]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"7856f2fd"="C:\WINDOWS\system32\lwimqici.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17.03.2008 19:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Dokumente und Einstellungen\Anna\Startmen\Programme\Autostart\
Last.fm Helper.lnk - C:\Programme\Last.fm\LastFMHelper.exe [08.02.2008 20:34:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FCBABDA2-801E-4F51-B6E8-0122032FB16B}"= C:\WINDOWS\system32\jkkhifDu.dll [17.04.2008 08:33 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhifDu]
jkkhifDu.dll 17.04.2008 08:33 38400 C:\WINDOWS\system32\jkkhifDu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJCttQK




-- Hosts -----------------------------------------------------------------------

80.190.241.30 home.edonkey.com
80.190.241.30 home.edonkey.com
80.190.241.30 home.edonkey.com


-- End of Deckard's System Scanner: finished at 2008-04-19 09:38:41 ------------
Das war main.txt

Nico-san 19.04.2008 08:46
Jetzt kommt extra.txt
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Sempron(TM) 2400+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 255.53 MiB / 78.81 MiB
Pagefile Memory (total/avail): 618.25 MiB / 244.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 18.96 GiB free.
D: is Fixed (NTFS) - 37.26 GiB total, 34.96 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions
  \PARTITION0 (bootable) - Installierbares Dateisystem - 39.06 GiB - C:
  \PARTITION1 - Erweitert mit Int 13 (erweitert) - 37.26 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\eDonkey2000 Lite\\eDonkey2000.exe"="C:\\Programme\\eDonkey2000 Lite\\eDonkey2000.exe:*:Disabled:eDonkey2000"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"="C:\\Programme\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Dokumente und Einstellungen\\RE\\Lokale Einstellungen\\Temp\\Temporäres Verzeichnis 1 für eMCrypt_v4.21_exe.zip\\eMCrypt_v4.21_exe\\emcrypt.exe"="C:\\Dokumente und Einstellungen\\RE\\Lokale Einstellungen\\Temp\\Temporäres Verzeichnis 1 für eMCrypt_v4.21_exe.zip\\eMCrypt_v4.21_exe\\emcrypt.exe:*:Enabled:eMCrypt"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Anna\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=DJ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Anna
LOGONSERVER=\\DJ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Anna\LOKALE~1\Temp
TMP=C:\DOKUME~1\Anna\LOKALE~1\Temp
USERDOMAIN=DJ
USERNAME=Anna
USERPROFILE=C:\Dokumente und Einstellungen\Anna
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

RE (admin)
Anna (admin)
Marie (admin)
Bettina (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AirPlus G --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1031
ANIO Service --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AtomixMP3 v2.1 Trial --> C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
Avira AntiVir Personal – Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Big Fish Games Client --> C:\Programme\bfgclient\Uninstall.exe
Big Island Blends Deluxe --> "C:\Programme\Zylom Games\Big Island Blends Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Burger Shop Free Trial --> "C:\Programme\BurgerShop_at\unins000.exe"
Cake Mania 2 Free Trial --> "C:\Programme\CakeMania2_at\unins000.exe"
Deep Sea Tycoon Free Trial --> "C:\Programme\Deep Sea Tycoon_at\unins000.exe"
Delicious Deluxe 2 Free Trial --> "C:\Programme\DeliciousDeluxe2_at\unins000.exe"
Diner Dash --> C:\PROGRA~1\PLAYFI~1\DINERD~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DINERD~1\INSTALL.LOG
DJMixStation 2 feat. Virtual DJ --> C:\eJay\DJMIXS~1\UNWISE.EXE C:\eJay\DJMIXS~1\INSTALL.LOG
eDonkey2000 Lite 1.4.3.2 --> "C:\Programme\eDonkey2000 Lite\unins000.exe"
eMule --> "C:\Programme\eMule\Uninstall.exe"
eMusic - 50 Free MP3 offer --> "C:\Programme\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EVEREST Home Edition v2.20 --> "C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Fish Tycoon Free Trial --> "C:\Programme\FishTycoon_at\unins000.exe"
Go-Go Gourmet --> C:\PROGRA~1\PLAYFI~1\GO-GOG~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\GO-GOG~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
Home Sweet Home Free Trial --> "C:\Programme\HomeSweetHome_at\unins000.exe"
hp deskjet 3420 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 3420 series
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
ICQ6 --> C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Janes Hotel Family Hero Free Trial --> "C:\Programme\JanesHotelFamilyHero_at\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Last.fm 1.4.2.59470 --> "C:\Programme\Last.fm\unins000.exe"
Lemonade Tycoon 2 --> "C:\Programme\Lemonade Tycoon 2\ReflexiveArcade\unins000.exe"
Lucy Q Deluxe --> "C:\Programme\Zylom Games\Lucy Q Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Moorhuhn Kart Extra XS --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EEED361B-ADE5-4C7B-B7C6-6009146911C2}\Setup.exe" -l0x7
MSN --> C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser -->
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nanny Mania --> "C:\Programme\Nanny Mania\Uninstall.exe"
Native Instruments - Traktor 1.06 --> C:\Audio\NATIVE~1\Traktor\UNINST~1\106\UNWISE.EXE C:\Audio\NATIVE~1\Traktor\UNINST~1\106\INSTALL.LOG
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
New Highlight 2 - Workbook CD-ROM --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{42118815-0ACC-47D4-8FA8-F22B6318797D}\setup.exe" -l0x7
phonostar-Player Version 2.01.1 --> "C:\Programme\phonostar\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
StepMania (remove only) --> "C:\Programme\StepMania\uninstall.exe"
Sven --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4092C09F-9A5E-4176-9704-9FEF2E02AF75}\Setup.exe" -l0x7
Turbo Pizza Free Trial --> "C:\Programme\TurboPizza_at\unins000.exe"
Update für Windows XP (KB931836) -->
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Wedding Dash Deluxe --> "C:\Programme\Zylom Games\Wedding Dash Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Winamp --> "C:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Fotogalerie --> MsiExec.exe /X{A1D08B90-AE1A-4885-AC29-731496FD397E}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Mail --> MsiExec.exe /I{82F2B38B-1426-443D-874C-AC25675E7BEB}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Live Writer --> MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
Windows Update Agent 3.0 -->
Windows XP Update - KB319740 -->
Windows XP Update - KB884883 -->
Windows XP Update - KB886716 -->
Windows XP Update - KB889016 -->
Windows XP Update - KB889673 -->
Windows XP Update - KB890831 -->
Windows XP Update - KB896626 -->
Windows XP Update - KB897663 -->
Windows XP Update - KB898900 -->
Windows XP Update - KB899271 -->
Windows XP Update - KB900485-v2 -->
Windows XP Update - KB903234 -->
Windows XP Update - KB904412 -->
Windows XP Update - KB904942 -->
Windows XP Update - KB906569 -->
Windows XP Update - KB907265 -->
Windows XP Update - KB907865 -->
Windows XP Update - KB908521 -->
Windows XP Update - KB912817 -->
Windows XP Update - KB913538 -->
Windows XP Update - KB914440 -->
Windows XP Update - KB914841 -->
Windows XP Update - KB916595 -->
Windows XP Update - KB916846 -->
Windows XP Update - KB917021 -->
Windows XP Update - KB917730 -->
Windows XP Update - KB918005 -->
Windows XP Update - KB920342 -->
Windows XP Update - KB920872 -->
Windows XP Update - KB922582 -->
Windows XP Update - KB924867 -->
Windows XP Update - KB924941 -->
Windows XP Update - KB925720 -->
Windows XP Update - KB925902 -->
Windows XP Update - KB935448 -->
WinRAR --> C:\Programme\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2913 / Warning
Event Submitted/Written: 04/19/2008 09:38:07 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\ljJCttQK.dll

Event Record #/Type2912 / Warning
Event Submitted/Written: 04/19/2008 09:38:00 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\ljJCttQK.dll

Event Record #/Type2911 / Warning
Event Submitted/Written: 04/19/2008 09:37:55 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\ljJCttQK.dll

Event Record #/Type2910 / Warning
Event Submitted/Written: 04/19/2008 09:37:16 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\ljJCttQK.dll

Event Record #/Type2909 / Warning
Event Submitted/Written: 04/19/2008 09:37:11 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\ljJCttQK.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10697 / Warning
Event Submitted/Written: 04/19/2008 08:05:13 AM / 04/19/2008 08:05:14 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00179AB26A6D zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%121.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type10696 / Error
Event Submitted/Written: 04/19/2008 08:04:29 AM / 04/19/2008 08:04:57 AM
Event ID/Source: 5 / atapi
Event Description:
Ein Paritätsfehler wurde auf \Device\Ide\IdePort0 gefunden.

Event Record #/Type10695 / Error
Event Submitted/Written: 04/19/2008 08:04:29 AM / 04/19/2008 08:04:57 AM
Event ID/Source: 11 / Disk
Event Description:
Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Event Record #/Type10694 / Error
Event Submitted/Written: 04/19/2008 08:04:28 AM / 04/19/2008 08:04:57 AM
Event ID/Source: 11 / Disk
Event Description:
Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Event Record #/Type10693 / Error
Event Submitted/Written: 04/19/2008 08:04:28 AM / 04/19/2008 08:04:57 AM
Event ID/Source: 11 / Disk
Event Description:
Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.



-- End of Deckard's System Scanner: finished at 2008-04-19 09:38:41 ------------

BataAlexander 19.04.2008 11:22
Ich kann mal wieder nur raten, eMule un Co. vom Rechner zu werfen..

Vundofix

* Lade dir vundofix.exe
* Doppelklick VundoFix.exe
* Klicke "Scan" --> Vundo button.
* Nach dem Scannen, klicke den "Remove" Vundo button.
* Man wird nun gefragt, ob man "remove" will --> klicke YES
* Danach werden alle Desktop-Symbole verschwinden
* Dann wird man gefragt, ob der PC neustarten soll --> klicke OK.
* nach dem neustart, navigierst du zur datei C:\vundofix.txt, poste den inhalt
* C:\VundoFix Backups - löschen + Papierkorb leeren
* erstelle ein neues hjt-logfile und poste es.

Dann

Combofix

- Download ComboFix von hier oder hier auf Deinen Desktop.
- Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen!)
- Mache einen Doppelklick auf combofix.exe
- Wenn combofix fertig ist, legt es ein Logfile an. Poste dieses Logfile und ein neues HJT Logfile als nächste Antwort
Achtung: Während Combofix läuft klicke nichts an, und benutze den Rechner nicht.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131