Nochmal scvhost

#1 Irgendwie konnte ich meinen eigenen Beitrag etwas weiter unten nicht ergänzen. War geschlossen stand da.

Deshalb habe ich hier nochmal die 6 logfiles kopeirt, in der Hoffnung, mir kann jemand helfen.

bekomme beim Start ne Fehlöermeldung dass die scvhost Datei nicht gefunden wurde. habe sie dann mit dem speziellen programm hijkack gelöscht und auch später die reg daten gelöscht. Die sind dann aber wieder aufgetaucht (da wo run steht). Komisch....

Also hier nochmal die Logfiles:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:08 PM, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\WinRAR\WinRAR.exe
C:\downloads\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180893507937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182954066656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

Dann die Infos auf Datfind:

Logfile 1: SYSTEM32
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\system32

07/02/2007 09:01 PM 88,723 nvapps.xml
07/02/2007 09:01 PM 13,646 wpa.dbl
07/02/2007 07:24 PM 28,206 HU5.ini
07/02/2007 07:24 PM 34,407 CS5.ini
07/02/2007 07:24 PM 32,937 PT5.ini
07/02/2007 07:24 PM 44,353 JA5.ini
07/02/2007 07:24 PM 48,105 BG5.ini
07/02/2007 07:24 PM 48,088 RU5.ini
07/02/2007 07:24 PM 30,833 ZH5.ini
07/02/2007 07:24 PM 53,026 EL5.ini
07/02/2007 07:24 PM 33,394 FI5.ini
07/02/2007 07:24 PM 32,074 NO5.ini
07/02/2007 07:24 PM 33,044 SV5.ini
07/02/2007 07:24 PM 33,441 NL5.ini
07/02/2007 07:24 PM 34,542 IT5.ini
07/02/2007 07:24 PM 35,034 FR5.ini
07/02/2007 07:24 PM 34,546 ES5.ini
07/02/2007 07:24 PM 31,094 EN5.ini
07/02/2007 07:24 PM 29,737 DE5.ini
07/02/2007 07:24 PM 33,009 DA5.ini
07/02/2007 06:53 PM 4,254 jupdate-1.6.0_01-b06.log
07/02/2007 06:32 PM 117,360 FNTCACHE.DAT
06/27/2007 05:40 PM 392,432 perfh009.dat
06/27/2007 05:40 PM 58,732 perfc009.dat
06/27/2007 05:40 PM 70,778 perfc007.dat
06/27/2007 05:40 PM 405,448 perfh007.dat
06/27/2007 05:40 PM 938,224 PerfStringBackup.INI
06/27/2007 05:39 PM 13,646 wpa.bak
06/27/2007 05:37 PM 26,476 $winnt$.inf
06/27/2007 05:34 PM 16,832 amcompat.tlb
06/27/2007 05:34 PM 23,392 nscompat.tlb
06/27/2007 05:33 PM 488 logonui.exe.manifest
06/27/2007 05:33 PM 488 WindowsLogon.manifest
06/27/2007 05:33 PM 749 nwc.cpl.manifest
06/27/2007 05:33 PM 749 ncpa.cpl.manifest
06/27/2007 05:33 PM 749 wuaucpl.cpl.manifest
06/27/2007 05:33 PM 749 sapi.cpl.manifest
06/27/2007 05:33 PM 749 cdplayer.exe.manifest
06/27/2007 05:32 PM 22,880 emptyregdb.dat
06/27/2007 05:16 PM 20,793 ckl009.dat
06/27/2007 04:14 PM 174 del32.bat
06/19/2007 06:26 PM 34,064 lhacm.acm
06/16/2007 05:17 PM 3,256 LogoSmall.bmp
06/11/2007 05:21 PM 185,952 rmoc3260.dll
06/11/2007 05:21 PM 5,632 pndx5032.dll
06/11/2007 05:21 PM 6,656 pndx5016.dll
06/11/2007 05:21 PM 278,528 pncrt.dll
06/05/2007 11:38 PM 15,747,032 MRT.exe
06/05/2007 09:48 PM 122,062 TZLog.log
06/05/2007 10:34 AM 1,184,664 FreeImage.dll
06/04/2007 05:26 PM 146,650 BuzzingBee.wav
06/04/2007 05:26 PM 940,794 LoopyMusic.wav
06/03/2007 08:44 PM 0 QuickTime.qtp
06/03/2007 08:08 PM 0 h323log.txt
06/03/2007 07:13 PM 2,951 CONFIG.NT
05/31/2007 08:45 AM 4,816 divxsm.tlb
05/31/2007 08:45 AM 524,288 DivXsm.exe
05/31/2007 08:44 AM 823,296 divx_xx07.dll
05/31/2007 08:44 AM 823,296 divx_xx0c.dll
05/31/2007 08:44 AM 802,816 divx_xx11.dll
05/31/2007 08:44 AM 740,442 DivX.dll
05/31/2007 08:44 AM 638,976 divxdec.ax

200 Datei(en) 54,744,869 Bytes
0 Verzeichnis(se), 240,475,910,144 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\temp

07/02/2007 07:24 PM 71,816 pwie55.log
07/02/2007 07:24 PM 9,257 tpm2066.log
2 Datei(en) 81,073 Bytes
0 Verzeichnis(se), 240,475,914,240 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06/27/2007 05:33 PM 65 desktop.ini
04/16/2007 10:50 PM 295 muweb.inf
03/27/2007 04:00 PM 5,021 swflash.inf
05/26/2005 04:19 AM 291 wuweb.inf
4 Datei(en) 5,672 Bytes
0 Verzeichnis(se), 240,475,914,240 Bytes frei
.
.
.
Logfile 2: Systemtemp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\DOKUME~1\jockl40\LOKALE~1\Temp

07/02/2007 09:31 PM 289 datFind.zip
07/02/2007 09:29 PM 124,154 datfind.txt
07/02/2007 09:20 PM 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}25798.html
07/02/2007 09:20 PM 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}4576.html
07/02/2007 09:20 PM 16,384 ~DFC6AE.tmp
07/02/2007 09:20 PM 512 ~DFBF7A.tmp
07/02/2007 09:20 PM 16,384 ~DFBF6F.tmp
07/02/2007 07:25 PM 0 is33.tmp
07/02/2007 07:25 PM 0 is22.tmp
07/02/2007 07:24 PM 0 isC.tmp
07/02/2007 07:24 PM 22,253 Turkish.bin
07/02/2007 07:24 PM 21,964 Norwegian.bin
07/02/2007 07:24 PM 26,080 Hungarian.bin
07/02/2007 07:24 PM 19,553 Hebrew.bin
07/02/2007 07:24 PM 22,857 Finnish.bin
07/02/2007 07:24 PM 24,312 Czech.bin
07/02/2007 07:24 PM 25,071 Portuguese(Brazil).bin
07/02/2007 07:24 PM 24,221 Polish.bin
07/02/2007 07:24 PM 25,082 Greek.bin
07/02/2007 07:24 PM 20,972 Arabic.bin
07/02/2007 07:24 PM 21,976 Thai.bin
07/02/2007 07:24 PM 16,408 SimChin.bin
07/02/2007 07:24 PM 21,914 English.bin
07/02/2007 07:24 PM 26,260 Portuguese.bin
07/02/2007 07:24 PM 24,082 SWEDISH.bin
07/02/2007 07:24 PM 27,753 Spanish.bin
07/02/2007 07:24 PM 26,126 Russian.bin
07/02/2007 07:24 PM 27,410 Italian.bin
07/02/2007 07:24 PM 25,753 German.bin
07/02/2007 07:24 PM 27,235 French.bin
07/02/2007 07:24 PM 16,949 TradChin.bin
07/02/2007 07:24 PM 25,747 Dutch.bin
07/02/2007 07:24 PM 22,783 Danish.bin
07/02/2007 07:24 PM 20,135 Korean.bin
07/02/2007 07:24 PM 24,297 Japanese.bin
07/02/2007 07:23 PM 3,494 4e34_appcompat.txt
07/02/2007 07:10 PM 16,132 log.txt
07/02/2007 06:55 PM 0 xx6
07/02/2007 06:55 PM 0 xx3
07/02/2007 06:55 PM 0 xx5
07/02/2007 06:55 PM 0 xx4
07/02/2007 06:55 PM 0 xx2
07/02/2007 06:41 PM 16,384 ~DF22B2.tmp
07/02/2007 06:41 PM 16,384 ~DF1A0F.tmp
44 Datei(en) 799,271 Bytes
0 Verzeichnis(se), 240,473,616,384 Bytes frei


Logfile 3: WINDOWS TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS

07/02/2007 09:27 PM 74,425 KB899587.log
07/02/2007 09:27 PM 73,877 KB927779.log
07/02/2007 09:27 PM 70,541 KB927802.log
07/02/2007 09:27 PM 70,876 KB924191.log
07/02/2007 09:27 PM 70,461 KB922819.log
07/02/2007 09:27 PM 66,696 KB885835.log
07/02/2007 09:27 PM 65,166 KB885836.log
07/02/2007 09:27 PM 68,657 KB923414.log
07/02/2007 09:27 PM 69,473 KB928255.log
07/02/2007 09:27 PM 73,300 KB931784.log
07/02/2007 09:27 PM 70,257 KB929969.log
07/02/2007 09:27 PM 57,958 KB911927.log
07/02/2007 09:27 PM 67,643 KB901017.log
07/02/2007 09:27 PM 67,934 KB899591.log
07/02/2007 09:27 PM 67,517 KB920685.log
07/02/2007 09:27 PM 68,121 KB893756.log
07/02/2007 09:27 PM 67,704 KB923980.log
07/02/2007 09:27 PM 67,074 KB911280.log
07/02/2007 09:27 PM 66,535 KB911562.log
07/02/2007 09:27 PM 58,200 KB924667.log
07/02/2007 09:27 PM 69,796 KB900485.log
07/02/2007 09:26 PM 378,244 setupapi.log
07/02/2007 09:26 PM 65,729 KB924270.log
07/02/2007 09:26 PM 63,875 KB931261.log
07/02/2007 09:26 PM 63,912 KB924496.log
07/02/2007 09:26 PM 68,138 KB931836.log
07/02/2007 09:26 PM 61,915 KB896358.log
07/02/2007 09:26 PM 46,561 KB933566.log
07/02/2007 09:26 PM 58,782 KB925902.log
07/02/2007 09:26 PM 32,869 KB929123.log
07/02/2007 09:26 PM 60,363 KB920670.log
07/02/2007 09:26 PM 60,048 KB891781.log
07/02/2007 09:26 PM 60,578 KB918439.log
07/02/2007 09:26 PM 65,656 KB902400.log
07/02/2007 09:26 PM 57,392 KB890046.log
07/02/2007 09:26 PM 62,618 KB920872.log
07/02/2007 09:26 PM 45,166 KB930178.log
07/02/2007 09:26 PM 57,462 KB919007.log
07/02/2007 09:26 PM 57,781 KB914388.log
07/02/2007 09:26 PM 58,647 KB917344.log
07/02/2007 09:26 PM 56,871 KB905414.log
07/02/2007 09:26 PM 56,069 KB917953.log
07/02/2007 09:26 PM 57,241 KB932168.log
07/02/2007 09:26 PM 55,343 KB901214.log
07/02/2007 09:25 PM 47,650 KB923191.log
07/02/2007 09:25 PM 51,947 KB918118.log
07/02/2007 09:25 PM 52,025 KB926255.log
07/02/2007 09:25 PM 50,852 KB888302.log
07/02/2007 09:25 PM 52,698 KB900725.log
07/02/2007 09:25 PM 51,097 KB920213.log
07/02/2007 09:25 PM 50,815 KB916595.log
07/02/2007 09:25 PM 49,590 KB930916.log
07/02/2007 09:25 PM 49,281 KB904706.log
07/02/2007 09:25 PM 49,859 KB908531.log
07/02/2007 09:25 PM 49,350 KB905749.log
07/02/2007 09:25 PM 49,542 KB913580.log
07/02/2007 09:25 PM 42,164 KB896428.log
07/02/2007 09:25 PM 37,560 KB935839.log
07/02/2007 09:25 PM 48,322 KB894391.log
07/02/2007 09:25 PM 45,983 KB908519.log
07/02/2007 09:25 PM 46,219 KB920683.log
07/02/2007 09:25 PM 47,051 KB914389.log
07/02/2007 09:25 PM 50,858 KB890859.log
07/02/2007 09:25 PM 42,785 KB928843.log
07/02/2007 09:24 PM 2,009,791 WindowsUpdate.log
07/02/2007 09:01 PM 0 0.log
07/02/2007 09:01 PM 50 wiaservc.log
07/02/2007 09:01 PM 159 wiadebug.log
07/02/2007 09:01 PM 2,048 bootstat.dat
07/02/2007 09:00 PM 10,330 SchedLgU.Txt
07/02/2007 08:32 PM 54,643 KB926436.log
07/02/2007 08:31 PM 35,082 KB935840.log
07/02/2007 08:30 PM 60,954 KB873339.log
07/02/2007 07:44 PM 232,908 ntbtlog.txt
07/02/2007 06:53 PM 1,789 mozver.dat
07/01/2007 09:31 PM 69 NeroDigital.ini
06/28/2007 03:00 AM 678,899 iis6.log
06/28/2007 03:00 AM 210,963 comsetup.log
06/28/2007 03:00 AM 122,853 ntdtcsetup.log
06/28/2007 03:00 AM 1,374 imsins.log
06/28/2007 03:00 AM 31,182 ocmsn.log
06/28/2007 03:00 AM 29,250 tabletoc.log
06/28/2007 03:00 AM 263,820 tsoc.log
06/28/2007 03:00 AM 50,763 KB896423.log
06/28/2007 03:00 AM 98,718 netfxocm.log
06/28/2007 03:00 AM 28,372 msgsocm.log
06/28/2007 03:00 AM 39,670 MedCtrOC.log
06/28/2007 03:00 AM 280,240 ocgen.log
06/28/2007 03:00 AM 554,813 FaxSetup.log
06/28/2007 03:00 AM 181,518 msmqinst.log
06/28/2007 03:00 AM 26,444 updspapi.log
06/27/2007 07:12 PM 1,374 imsins.BAK
06/27/2007 07:12 PM 11,739 KB893803v2.log
06/27/2007 05:40 PM 809,048 setuplog.txt
06/27/2007 05:38 PM 2,327 spupdsvc.log
06/27/2007 05:37 PM 87,083 setupact.log
06/27/2007 05:34 PM 42,234 wmsetup.log
06/27/2007 05:34 PM 316,640 WMSysPr9.prx
06/27/2007 05:34 PM 1,272 OEWABLog.txt
06/27/2007 05:33 PM 4,161 ODBCINST.INI
06/27/2007 05:33 PM 749 WindowsShell.Manifest
06/27/2007 05:32 PM 329 setuperr.log
06/27/2007 05:32 PM 603 win.ini
06/27/2007 05:32 PM 2,065 sessmgr.setup.log
06/27/2007 05:31 PM 253 DtcInstall.log
06/27/2007 05:31 PM 373 cmsetacl.log
06/27/2007 05:25 PM 2,872 regopt.log
06/27/2007 05:25 PM 259 system.ini
06/27/2007 05:16 PM 12,237 WINNT32.LOG
06/27/2007 05:15 PM 842 UPGRADE.TXT
06/27/2007 05:15 PM 35,238 wsdu.log
06/27/2007 05:14 PM 356 DHCPUPG.LOG
06/27/2007 04:24 PM 8,589 KB892130.log
06/27/2007 04:24 PM 522,659 setupapi.old
06/27/2007 04:20 PM 3,962 WgaNotify.log
06/25/2007 05:39 PM 13,708 DPINST.LOG
06/21/2007 12:34 PM 185 PartyGrabber.ini
06/16/2007 02:12 AM 3,456 KB885884.log
06/14/2007 03:43 PM 400 ODBC.INI
06/11/2007 09:01 PM 95 winamp.ini
06/11/2007 08:41 PM 50 cdplayer.ini
06/09/2007 04:50 PM 98,304 system32CmdLineExt.dll
06/06/2007 09:42 PM 32,819 Directx.log
06/05/2007 09:50 PM 29,725 KB917734.log
06/05/2007 09:49 PM 32,300 KB935448.log
06/05/2007 09:49 PM 29,913 KB925398.log
06/05/2007 09:48 PM 30,360 KB927891.log
06/05/2007 09:48 PM 36,253 KB887472.log
06/05/2007 09:48 PM 33,829 KB931768.log
06/05/2007 09:48 PM 27,694 KB910437.log
06/05/2007 09:48 PM 24,648 KB923689.log
06/05/2007 09:48 PM 22,436 KB911564.log
06/05/2007 09:46 PM 28,517 KB917422.log
06/05/2007 09:46 PM 21,932 KB922582.log
06/05/2007 09:46 PM 16,970 KB886185.log
06/05/2007 09:46 PM 23,613 KB923694.log
06/05/2007 05:24 AM 87,552 catchme.exe
06/04/2007 05:25 PM 315,392 HideWin.exe
06/04/2007 02:36 PM 6,577 KB888111.log
06/03/2007 08:00 PM 4,382 WGA.log
06/03/2007 08:00 PM 7,352 KB898461.log
06/03/2007 08:00 PM 0 Sti_Trace.log
06/03/2007 07:16 PM 8,192 REGLOCS.OLD
06/03/2007 07:13 PM 0 control.ini
06/03/2007 07:10 PM 36 vb.ini
06/03/2007 07:10 PM 37 vbaddin.ini
05/10/2007 06:08 PM 16,342,528 RTHDCPL.exe
05/07/2007 06:51 PM 1,826,816 SkyTel.exe
04/25/2007 04:55 PM 2,162,688 MicCal.exe


Logfile 4: TEMP

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\temp

07/02/2007 07:24 PM 71,816 pwie55.log
07/02/2007 07:24 PM 9,257 tpm2066.log
2 Datei(en) 81,073 Bytes
0 Verzeichnis(se), 240,473,518,080 Bytes frei


Logfile 5: DOWN

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06/27/2007 05:33 PM 65 desktop.ini
04/16/2007 10:50 PM 295 muweb.inf
03/27/2007 04:00 PM 5,021 swflash.inf
05/26/2005 04:19 AM 291 wuweb.inf
4 Datei(en) 5,672 Bytes
0 Verzeichnis(se), 240,473,518,080 Bytes frei

Logfile 6: SYS

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8017-2618

Verzeichnis von C:\

07/02/2007 09:34 PM 0 sys.txt
07/02/2007 09:34 PM 452 down.txt
07/02/2007 09:34 PM 331 tmp.txt
07/02/2007 09:34 PM 10,744 system.txt
07/02/2007 09:34 PM 2,588 systemtemp.txt
07/02/2007 09:34 PM 109,949 system32.txt
07/02/2007 09:01 PM 1,610,612,736 pagefile.sys
07/02/2007 07:10 PM 16,132 ComboFix.txt
07/02/2007 05:16 PM 16,209 ComboFix2.txt
07/02/2007 04:15 PM 16,357 ComboFix3.txt
06/27/2007 05:31 PM 211 boot.ini
06/05/2007 08:03 PM 6,529,028 test.wmv
06/05/2007 07:46 PM 5,009,985,284 halo3_2avi.avi
06/05/2007 06:55 PM 62,436,230 halo3.avi
06/05/2007 06:08 PM 259,179,152 halo_fertigneu.avi
06/04/2007 02:44 PM 33 ALCSetup.log
06/03/2007 07:13 PM 0 MSDOS.SYS
06/03/2007 07:13 PM 0 IO.SYS
06/03/2007 07:13 PM 0 CONFIG.SYS
06/03/2007 07:13 PM 0 AUTOEXEC.BAT
08/04/2004 02:00 PM 4,952 bootfont.bin
08/04/2004 02:00 PM 47,564 NTDETECT.COM
08/04/2004 02:00 PM 251,184 ntldr
23 Datei(en) 6,949,219,136 Bytes
0 Verzeichnis(se), 240,473,526,272 Bytes frei


Hoffentlich kann mirm jemand helfen. Ansonsten muss ich wohl oder übel format c: durchführen

#2 Fang bitte nicht mit jedem Posting ein neues Thema/Thread an, bleib bitte bei deinem Vorherigen.

Neu Aufsetzen ist natuerlich die sauberste Sache!
__________
MfG Ralf
SEO-Spam Hunter

#3 Download SDFix zum Desktop

Starte im abgesicherten Modus:
http://www.bsi.bund.de/av/texte/wiederher.htm

SDFix.zip entpacken
unter C:\ findet man nun den SDFix-Ordner

Doppelklick RunThis.bat
Schreibe: Y folge allen Anweisungen
Dann wird der Rechner neustarten
SDFix entfernt jetzt die gefundene Objekte
Kopiere den Inhalt des Berichts “SophosReport.txt” der jetzt auf dein Desktop steht in diesen Thread
Und ein log von Hijack This
__________
MfG Argus