Who knows this Trojan and...

Thread is closed!
02.07.2007, 16:02
...new here

Posts: 8
#1 what do I do with it now? Unfortunately I also can't turn off System Restore. It says I'm not an admin, which is nonsense. Damn. I created a log file. Here it is.
I had removed several Trojans with AVG Free Edition. But apparently not for good, right?
I really need help.

Thanks
Jockl

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:57:45 PM, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\jockl40\Desktop\HiJackThis_v2.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180893507937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182954066656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6512 bytes
02.07.2007, 16:08
Moderator

Posts: 7804
#2 Please use Combofix first and then Hijackthis. Please post both reports. You should also use ATF Cleaner first: http://board.protecus.de/t23188.htm
__________
Regards, Ralf
SEO-Spam Hunter
02.07.2007, 16:16
...new here

Thread starter

Posts: 8
#3 here you go ;)


"jockl40" - 2007-07-02 16:14:13 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 16:13 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 14:55 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-01 16:33 38,201 --a------ C:\Programme\uninstall.exe
2007-07-01 16:33 <DIR> d-------- C:\Programme\HELP
2007-06-27 17:38 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-27 17:28 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-06-27 17:25 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-27 17:25 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-27 17:15 <DIR> d-------- C:\WINDOWS\setup.pss
2007-06-27 16:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-27 16:49 <DIR> d-------- C:\Programme\xp-AntiSpy
2007-06-27 16:14 20,793 --a------ C:\WINDOWS\system32\ckl009.dat
2007-06-27 16:14 174 --a------ C:\WINDOWS\system32\del32.bat
2007-06-27 16:13 <DIR> d-------- C:\Programme\PDF Creator Plus 2.0
2007-06-27 16:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-26 13:50 <DIR> d-------- C:\Programme\SPAMfighter
2007-06-26 13:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Application
2007-06-26 13:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ankiro
2007-06-25 20:30 <DIR> d-------- C:\Programme\FileMaker Pro 3.0
2007-06-25 17:43 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\Nokia Multimedia Player
2007-06-25 17:41 <DIR> d-------- C:\DOKUME~1\jockl40\Phone Browser
2007-06-25 17:40 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\PC Suite
2007-06-25 17:39 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-25 17:39 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-25 17:39 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-25 17:39 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-25 17:39 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-25 17:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-25 17:39 <DIR> d-------- C:\Programme\PC Connectivity Solution
2007-06-25 17:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2007-06-25 17:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-06-25 17:39 <DIR> d-------- C:\Programme\DIFX
2007-06-25 17:39 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\PC Suite
2007-06-25 17:39 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\Nokia
2007-06-25 17:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-06-25 17:38 <DIR> d-------- C:\Programme\Nokia
2007-06-25 17:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Installations
2007-06-23 13:23 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-23 13:23 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-23 13:23 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-23 13:23 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-06-23 13:23 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-06-23 13:23 43,520 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-06-23 13:23 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-06-23 13:23 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-06-23 13:23 31,872 --a------ C:\WINDOWS\system32\drivers\OVCE.sys
2007-06-23 13:23 25,216 --a------ C:\WINDOWS\system32\drivers\OVSound2.sys
2007-06-23 13:23 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-06-23 13:23 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-23 13:23 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-23 13:23 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-06-21 19:19 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\vlc
2007-06-21 19:14 <DIR> d-------- C:\Programme\VideoLAN
2007-06-19 18:26 <DIR> d-------- C:\Programme\Teamspeak2_RC2
2007-06-19 18:26 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\teamspeak2
2007-06-19 17:31 19,560 --a------ C:\DOKUME~1\jockl40\ANWEND~1\GDIPFONTCACHEV1.DAT
2007-06-19 13:49 <DIR> d-------- C:\Programme\PokerStrategy
2007-06-17 20:25 <DIR> d-------- C:\Programme\MSXML 4.0
2007-06-16 17:18 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\SPAMfighter
2007-06-16 17:11 <DIR> d-------- C:\poker
2007-06-15 18:00 90,112 --a------ C:\WINDOWS\system32\CNMCP78.exe
2007-06-15 18:00 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
2007-06-15 18:00 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
2007-06-15 18:00 <DIR> d--h----- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CanonBJ
2007-06-15 17:59 <DIR> d-------- C:\Programme\Canon
2007-06-15 17:54 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-14 20:46 <DIR> d-------- C:\Programme\PartyGaming
2007-06-14 19:05 <DIR> d-------- C:\Programme\PokerStars
2007-06-14 18:16 <DIR> d-------- C:\Programme\PokerAce Hud
2007-06-14 15:41 <DIR> d--h----- C:\WINDOWS\ShellNew
2007-06-14 11:52 <DIR> d-------- C:\Programme\uTorrent
2007-06-14 11:52 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\uTorrent
2007-06-14 10:16 87,280 --a------ C:\WINDOWS\system32\wsatrace.dll
2007-06-14 10:16 <DIR> d-------- C:\Programme\Poker Tracker V2
2007-06-11 17:21 <DIR> d-------- C:\Programme\Real
2007-06-11 17:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-06-11 17:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-06-11 17:20 <DIR> d-------- C:\DOKUME~1\jockl40\ANWEND~1\Real
2007-06-10 15:09 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-06-10 15:09 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-10 15:09 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-06-10 15:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-06-10 15:09 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-06-10 15:09 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-06-10 15:09 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-06-10 15:09 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-06-10 15:09 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-06-10 15:09 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-06-10 15:09 217,073 --a------ C:\WINDOWS\meta4.exe
2007-06-10 15:09 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-06-10 15:09 <DIR> d-------- C:\Programme\eRightSoft
2007-06-09 18:14 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-06-09 18:14 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-06-09 18:14 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-06-09 18:14 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-06-09 18:14 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-09 18:14 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-09 18:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-06-09 18:14 <DIR> d-------- C:\Programme\Ahead
2007-06-09 16:50 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 15:40:37 70,778 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-06-27 15:40:37 405,448 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 11:26:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-04-19 11:26:00 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-04-19 11:26:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-04-19 11:26:00 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 11:26:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 11:26:00 2,973,696 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 11:26:00 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-04-19 11:26:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 11:26:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-04-19 11:26:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-11 17:21]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"SPAMfighter Agent"="C:\Programme\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-27 16:35]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-05-28 14:52]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"=C:\WINDOWS\system32\scvhost.exe


Contents of the 'Scheduled Tasks' folder
2007-06-29 08:58:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 16:14:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 16:15:21

--- E O F ---

----------------- And then I was supposed to post this as well (for they know not what they do ;) ----



.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\system32

07/02/2007 03:11 PM 53,248 pxhpinst.exe
07/02/2007 02:53 PM 88,723 nvapps.xml
07/02/2007 02:53 PM 13,646 wpa.dbl
06/27/2007 05:40 PM 58,732 perfc009.dat
06/27/2007 05:40 PM 392,432 perfh009.dat
06/27/2007 05:40 PM 405,448 perfh007.dat
06/27/2007 05:40 PM 70,778 perfc007.dat
06/27/2007 05:40 PM 938,224 PerfStringBackup.INI
06/27/2007 05:39 PM 13,646 wpa.bak
06/27/2007 05:38 PM 117,360 FNTCACHE.DAT
06/27/2007 05:37 PM 26,476 $winnt$.inf
06/27/2007 05:34 PM 23,392 nscompat.tlb
06/27/2007 05:34 PM 16,832 amcompat.tlb
06/27/2007 05:33 PM 488 logonui.exe.manifest
06/27/2007 05:33 PM 488 WindowsLogon.manifest
06/27/2007 05:33 PM 749 sapi.cpl.manifest
06/27/2007 05:33 PM 749 nwc.cpl.manifest
06/27/2007 05:33 PM 749 cdplayer.exe.manifest
06/27/2007 05:33 PM 749 ncpa.cpl.manifest
06/27/2007 05:33 PM 749 wuaucpl.cpl.manifest
06/27/2007 05:32 PM 22,880 emptyregdb.dat
06/27/2007 05:16 PM 20,793 ckl009.dat
06/27/2007 04:14 PM 174 del32.bat
06/19/2007 06:26 PM 34,064 lhacm.acm
06/11/2007 05:21 PM 185,952 rmoc3260.dll
06/11/2007 05:21 PM 5,632 pndx5032.dll
06/11/2007 05:21 PM 6,656 pndx5016.dll
06/11/2007 05:21 PM 278,528 pncrt.dll
06/05/2007 11:38 PM 15,747,032 MRT.exe
06/05/2007 09:48 PM 122,062 TZLog.log
06/05/2007 10:34 AM 1,184,664 FreeImage.dll
06/04/2007 05:26 PM 146,650 BuzzingBee.wav
06/04/2007 05:26 PM 940,794 LoopyMusic.wav
06/03/2007 08:44 PM 0 QuickTime.qtp
06/03/2007 08:08 PM 0 h323log.txt
06/03/2007 07:13 PM 2,951 CONFIG.NT
05/31/2007 08:45 AM 4,816 divxsm.tlb
05/31/2007 08:45 AM 524,288 DivXsm.exe
05/31/2007 08:44 AM 823,296 divx_xx07.dll
05/31/2007 08:44 AM 823,296 divx_xx0c.dll
05/31/2007 08:44 AM 802,816 divx_xx11.dll
05/31/2007 08:44 AM 740,442 DivX.dll
05/31/2007 08:44 AM 638,976 divxdec.ax

199 Datei(en) 54,022,112 Bytes
0 Verzeichnis(se), 240,749,289,472 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\temp

.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06/27/2007 05:33 PM 65 desktop.ini
04/16/2007 10:50 PM 295 muweb.inf
03/27/2007 04:00 PM 5,021 swflash.inf
05/26/2005 04:19 AM 291 wuweb.inf
4 Datei(en) 5,672 Bytes
0 Verzeichnis(se), 240,749,289,472 Bytes frei
.
.
.
This post was edited by jockl on 02.07.2007 at 16:24.
02.07.2007, 16:25
Moderator

Posts: 7804
#4 Please tick the following items in Hijackthis and press fix checked:

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Reboot and check whether all entries have disappeared. Then please also create a Datfindbat list: http://board.protecus.de/t23188.htm


A control scan with Drweb: http://freedrweb.com/?lng=de
and Ewido Micro: http://www.ewido.net/de/onlinescan/ would also be helpful
__________
Regards, Ralf
SEO-Spam Hunter
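
The entries selected in post #4 share a few recognizable traits: a file name that imitates a Windows system process, rarely used autostart locations, and a policy that locks Regedit. The following is an added example, not part of the original thread and not code from HijackThis, that triages a HijackThis log for those traits. The reference name list, the distance threshold of 1 and the function names are assumptions of this example; the sample lines are excerpted from the log in post #1.

```python
import re

# Reference list of core Windows process names (an assumption of this example).
SYSTEM_NAMES = (
    "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "explorer.exe",
    "csrss.exe", "smss.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe",
)

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Last path component ending in .exe (components containing spaces are cut
# at the space, which is good enough for comparing short system names).
EXE_RE = re.compile(r'([^\\/:*?"<>|\s=\[\]]+\.exe)\b', re.IGNORECASE)

# Lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def triage(log_text):
    """Return (section, body, reasons) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.groups()
        reasons = []
        for exe in EXE_RE.findall(body):
            name = exe.lower()
            if name in SYSTEM_NAMES:
                continue  # exact system name: not a lookalike
            for ref in SYSTEM_NAMES:
                if osa_distance(name, ref) == 1:
                    reasons.append(f"'{exe}' imitates '{ref}'")
        if section == "F3":
            reasons.append("autostart via win.ini load=/run= value")
        if re.search(r"\\Policies\\Explorer\\Run", body, re.IGNORECASE):
            reasons.append("autostart via Policies\\Explorer\\Run")
        if section == "O7" and "DisableRegedit=1" in body:
            reasons.append("policy blocks the registry editor")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```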
02.07.2007, 16:32
...new here

Thread starter

Posts: 8
#5 But I can't find any F3 there that I can click on.
(At first I had the Hijack Beta 2.0, where it did show up. Which one should I use?)

I already cleaned this svhostexer thing with an antivirus program 2 days ago. Apparently not properly. When Windows starts, about 3 error messages always pop up ;)

So I can't find F3 there. Here is the log again


Logfile of HijackThis v1.99.1
Scan saved at 4:31:39 PM, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\jockl40\LOKALE~1\Temp\Rar$EX61.969\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180893507937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182954066656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
This post was edited by jockl on 02.07.2007 at 16:36.
02.07.2007, 16:44
Moderator

Posts: 7804
#6 The error messages at startup should no longer appear!? Malware-wise I don't see anything anymore. As for System Restore, have a look here:
http://www.windowspage.de/windowsxp/system/disablesr.html
__________
Kind regards, Ralf
SEO-Spam Hunter
02.07.2007, 16:51
...new here

Thread starter

Posts: 8
#7 Error message unfortunately still there!!!

Strange, I'm using HijackThis version 2.0, the beta, and the lines I just fixed are not gone - even after a restart ;)


Here is the datfile list, and here once again the HijackThis list

.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\system32

07/02/2007 04:46 PM 88,723 nvapps.xml
07/02/2007 04:45 PM 13,646 wpa.dbl
07/02/2007 04:40 PM 117,360 FNTCACHE.DAT
07/02/2007 03:11 PM 53,248 pxhpinst.exe
06/27/2007 05:40 PM 392,432 perfh009.dat
06/27/2007 05:40 PM 58,732 perfc009.dat
06/27/2007 05:40 PM 405,448 perfh007.dat
06/27/2007 05:40 PM 70,778 perfc007.dat
06/27/2007 05:40 PM 938,224 PerfStringBackup.INI
06/27/2007 05:39 PM 13,646 wpa.bak
06/27/2007 05:37 PM 26,476 $winnt$.inf
06/27/2007 05:34 PM 23,392 nscompat.tlb
06/27/2007 05:34 PM 16,832 amcompat.tlb
06/27/2007 05:33 PM 488 logonui.exe.manifest
06/27/2007 05:33 PM 488 WindowsLogon.manifest
06/27/2007 05:33 PM 749 sapi.cpl.manifest
06/27/2007 05:33 PM 749 nwc.cpl.manifest
06/27/2007 05:33 PM 749 cdplayer.exe.manifest
06/27/2007 05:33 PM 749 ncpa.cpl.manifest
06/27/2007 05:33 PM 749 wuaucpl.cpl.manifest
06/27/2007 05:32 PM 22,880 emptyregdb.dat
06/27/2007 05:16 PM 20,793 ckl009.dat
06/27/2007 04:14 PM 174 del32.bat
06/19/2007 06:26 PM 34,064 lhacm.acm
06/11/2007 05:21 PM 185,952 rmoc3260.dll
06/11/2007 05:21 PM 5,632 pndx5032.dll
06/11/2007 05:21 PM 6,656 pndx5016.dll
06/11/2007 05:21 PM 278,528 pncrt.dll
06/05/2007 11:38 PM 15,747,032 MRT.exe
06/05/2007 09:48 PM 122,062 TZLog.log
06/05/2007 10:34 AM 1,184,664 FreeImage.dll
06/04/2007 05:26 PM 146,650 BuzzingBee.wav
06/04/2007 05:26 PM 940,794 LoopyMusic.wav
06/03/2007 08:44 PM 0 QuickTime.qtp
06/03/2007 08:08 PM 0 h323log.txt
06/03/2007 07:13 PM 2,951 CONFIG.NT
05/31/2007 08:45 AM 4,816 divxsm.tlb
05/31/2007 08:45 AM 524,288 DivXsm.exe
05/31/2007 08:44 AM 823,296 divx_xx07.dll
05/31/2007 08:44 AM 823,296 divx_xx0c.dll
05/31/2007 08:44 AM 802,816 divx_xx11.dll
05/31/2007 08:44 AM 740,442 DivX.dll
05/31/2007 08:44 AM 638,976 divxdec.ax
04/27/2007 09:42 AM 65,536 QuickTimeVR.qtx
04/27/2007 09:42 AM 49,152 QuickTime.qts
04/24/2007 11:32 AM 1,485,696 LegitCheckControl.dll
04/23/2007 02:15 AM 10,152 dsm_de.qm
04/23/2007 02:15 AM 3,596,288 qt-dx331.dll
04/23/2007 02:15 AM 183,032 pxmas.dll
04/23/2007 02:15 AM 379,640 pxwave.dll
04/23/2007 02:15 AM 502,520 pxdrv.dll
04/23/2007 02:15 AM 1,329,912 pxsfs.dll
04/23/2007 02:15 AM 116,472 pxcpyi64.exe
04/23/2007 02:15 AM 118,520 pxinsi64.exe
04/23/2007 02:15 AM 527,096 px.dll
04/23/2007 02:15 AM 64,760 pxcpya64.exe
04/23/2007 02:15 AM 64,760 pxinsa64.exe
04/23/2007 02:15 AM 129,784 pxafs.dll
04/23/2007 02:15 AM 39,672 vxblock.dll
04/23/2007 02:15 AM 1,044,480 libdivx.dll
04/23/2007 02:15 AM 200,704 ssldivx.dll
04/23/2007 02:02 AM 73,728 dpl100.dll
04/23/2007 02:02 AM 196,608 dtu100.dll
04/23/2007 02:02 AM 53,248 dpuGUI10.dll
04/23/2007 02:02 AM 593,920 dpuGUI11.dll
04/23/2007 02:02 AM 344,064 dpus11.dll
04/23/2007 02:02 AM 57,344 dpv11.dll
04/23/2007 02:02 AM 294,912 dpu10.dll
04/23/2007 02:02 AM 294,912 dpu11.dll
04/23/2007 02:02 AM 352,401 DivXMedia.ax
04/23/2007 02:01 AM 12,288 DivXWMPExtType.dll
04/23/2007 02:01 AM 124,472 DivXCodecUpdateChecker.exe
04/23/2007 02:01 AM 8,523 dpude.qm
04/23/2007 02:01 AM 3,136 dtu_de.qm
04/19/2007 01:26 PM 5,619,712 nvdisps.dll
04/19/2007 01:26 PM 5,255,168 nvdispsr.dll
04/19/2007 01:26 PM 212,992 nvapi.dll
04/19/2007 01:26 PM 1,011,712 nvcpluir.dll
04/19/2007 01:26 PM 442,368 nvappbar.exe
04/19/2007 01:26 PM 425,984 keystone.exe
04/19/2007 01:26 PM 35,840 nvcod.dll
04/19/2007 01:26 PM 35,840 nvcodins.dll
04/19/2007 01:26 PM 147,456 nvcolor.exe
04/19/2007 01:26 PM 17,056 nvdisp.nvu
04/19/2007 01:26 PM 1,626,112 nwiz.exe
04/19/2007 01:26 PM 69,632 nvcpl.cpl
04/19/2007 01:26 PM 4,543,616 nv4_disp.dll
04/19/2007 01:26 PM 1,236,992 nvwss.dll
04/19/2007 01:26 PM 167,936 nvwrszht.dll
04/19/2007 01:26 PM 794,624 nvcplui.exe
04/19/2007 01:26 PM 303,104 nvwrstr.dll
04/19/2007 01:26 PM 294,912 nvwrssv.dll
04/19/2007 01:26 PM 303,104 nvwrssl.dll
04/19/2007 01:26 PM 299,008 nvwrssk.dll
04/19/2007 01:26 PM 315,392 nvwrsru.dll
04/19/2007 01:26 PM 319,488 nvwrsptb.dll
04/19/2007 01:26 PM 323,584 nvwrspt.dll
04/19/2007 01:26 PM 294,912 nvwrspl.dll
04/19/2007 01:26 PM 299,008 nvwrsno.dll
04/19/2007 01:26 PM 319,488 nvwrsnl.dll
04/19/2007 01:26 PM 196,608 nvwrsko.dll
04/19/2007 01:26 PM 1,732,608 nvwssr.dll
04/19/2007 01:26 PM 212,992 nvwrsja.dll
04/19/2007 01:26 PM 323,584 nvwrsit.dll
04/19/2007 01:26 PM 315,392 nvwrshu.dll
04/19/2007 01:26 PM 278,528 nvwrshe.dll
04/19/2007 01:26 PM 327,680 nvwrsfr.dll
04/19/2007 01:26 PM 303,104 nvwrsfi.dll
04/19/2007 01:26 PM 327,680 nvwrsesm.dll
04/19/2007 01:26 PM 335,872 nvwrses.dll
04/19/2007 01:26 PM 286,720 nvwrseng.dll
04/19/2007 01:26 PM 335,872 nvwrsel.dll
04/19/2007 01:26 PM 311,296 nvwrsde.dll
04/19/2007 01:26 PM 1,339,392 nvdspsch.exe
04/19/2007 01:26 PM 294,912 nvwrsda.dll
04/19/2007 01:26 PM 311,296 nvexpbar.dll
04/19/2007 01:26 PM 286,720 nvwrscs.dll
04/19/2007 01:26 PM 282,624 nvwrsar.dll
04/19/2007 01:26 PM 163,840 nvwrszhc.dll
04/19/2007 01:26 PM 1,019,904 nvwimg.dll
04/19/2007 01:26 PM 1,703,936 nvwdmcpl.dll
04/19/2007 01:26 PM 81,920 nvwddi.dll
04/19/2007 01:26 PM 3,035,136 nvgames.dll
04/19/2007 01:26 PM 2,973,696 nvvitvsr.dll
04/19/2007 01:26 PM 2,924,544 nvvitvs.dll
04/19/2007 01:26 PM 3,203,072 nvgamesr.dll
04/19/2007 01:26 PM 208,896 nvudisp.exe
04/19/2007 01:26 PM 581,632 nvhwvid.dll
04/19/2007 01:26 PM 73,728 nvtuicpl.cpl
04/19/2007 01:26 PM 159,810 nvsvc32.exe
04/19/2007 01:26 PM 466,944 nvshell.dll
04/19/2007 01:26 PM 118,784 nvrszht.dll
04/19/2007 01:26 PM 221,184 nvrszhc.dll
04/19/2007 01:26 PM 249,856 nvrstr.dll
04/19/2007 01:26 PM 245,760 nvrssv.dll
04/19/2007 01:26 PM 249,856 nvrssl.dll
04/19/2007 01:26 PM 249,856 nvrssk.dll
04/19/2007 01:26 PM 262,144 nvrsru.dll
04/19/2007 01:26 PM 262,144 nvrsptb.dll
04/19/2007 01:26 PM 7,700,480 nvcpl.dll
04/19/2007 01:26 PM 266,240 nvrspt.dll
04/19/2007 01:26 PM 249,856 nvrspl.dll
04/19/2007 01:26 PM 249,856 nvrsno.dll
04/19/2007 01:26 PM 266,240 nvrsnl.dll
04/19/2007 01:26 PM 258,048 nvrsko.dll
04/19/2007 01:26 PM 262,144 nvrsja.dll
04/19/2007 01:26 PM 274,432 nvrsit.dll
04/19/2007 01:26 PM 253,952 nvrshu.dll
04/19/2007 01:26 PM 323,584 nvrshe.dll
04/19/2007 01:26 PM 278,528 nvrsfr.dll
04/19/2007 01:26 PM 241,664 nvrsfi.dll
04/19/2007 01:26 PM 1,474,560 nview.dll
04/19/2007 01:26 PM 266,240 nvrsesm.dll
04/19/2007 01:26 PM 274,432 nvrses.dll
04/19/2007 01:26 PM 241,664 nvrseng.dll
04/19/2007 01:26 PM 274,432 nvrsel.dll
04/19/2007 01:26 PM 270,336 nvrsde.dll
04/19/2007 01:26 PM 245,760 nvrsda.dll
04/19/2007 01:26 PM 241,664 nvrscs.dll
04/19/2007 01:26 PM 323,584 nvrsar.dll
04/19/2007 01:26 PM 5,644,288 nvoglnt.dll
04/19/2007 01:26 PM 286,720 nvnt4cpl.dll
04/19/2007 01:26 PM 2,859,008 nvmoblsr.dll
04/19/2007 01:26 PM 888,832 nvmobls.dll
04/19/2007 01:26 PM 86,016 nvmctray.dll
04/19/2007 01:26 PM 458,752 nvmccssr.dll
04/19/2007 01:26 PM 188,416 nvmccss.dll
04/19/2007 01:26 PM 229,376 nvmccs.dll
04/19/2007 01:26 PM 45,056 nvmccsrs.dll
04/18/2007 12:27 PM 123,392 xpsp3res.dll
04/16/2007 10:47 PM 33,624 wups.dll
04/16/2007 10:47 PM 30,040 wuapi.dll.mui
04/16/2007 10:47 PM 30,040 wuaucpl.cpl.mui
04/16/2007 10:45 PM 1,710,936 wuaueng.dll
04/16/2007 10:45 PM 549,720 wuapi.dll
04/16/2007 10:45 PM 325,976 wucltui.dll
04/16/2007 10:45 PM 216,408 wuaucpl.cpl
04/16/2007 10:45 PM 203,096 wuweb.dll
04/16/2007 10:45 PM 92,504 cdm.dll
04/16/2007 10:45 PM 53,080 wuauclt.exe
04/16/2007 10:45 PM 43,352 wups2.dll
04/16/2007 10:45 PM 20,824 wuaueng.dll.mui
04/16/2007 10:44 PM 34,136 wucltui.dll.mui
04/16/2007 10:43 PM 208,248 muweb.dll
04/02/2007 02:21 PM 428,032 swreg.exe

199 Datei(en) 54,050,596 Bytes
0 Verzeichnis(se), 240,800,370,688 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\temp

.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06/27/2007 05:33 PM 65 desktop.ini
04/16/2007 10:50 PM 295 muweb.inf
03/27/2007 04:00 PM 5,021 swflash.inf
05/26/2005 04:19 AM 291 wuweb.inf
4 Datei(en) 5,672 Bytes
0 Verzeichnis(se), 240,800,378,880 Bytes frei
.
.
.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:51:20 PM, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\jockl40\Desktop\hjt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180893507937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182954066656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6158 bytes
This post was edited by jockl on 02.07.2007 at 17:03.