Autoplay on drive C and search function on the CD drive

01.04.2007, 10:09
Member

Posts: 25
#1 Hi, I had caught a trojan that I wanted to delete with Kaspersky, and did (I think).

Only, when I installed Kaspersky specifically for that, it somehow got worked up about everything I did.
It found and deleted a couple of Invaders as well as 3 trojans.
After I uninstalled Kaspersky again and wanted to click on my external hard drive as usual, this message came up:

Windows cannot find 'copy.exe'. Make sure you typed the name correctly and try again.

When I right-click on my external hard drive or on drive C, Autoplay is at the top of the menu, which surprises me a lot.

When I right-click on my DVD drive, the search function is in first place. So double-clicking on it opens the Search for files window.

Hope you can help me, thanks in advance for any answers.

PS: I'm in Australia, hence the English message
01.04.2007, 13:17
Honorary member
Sabina

Posts: 29434
#2 Tempest ;)

to see what's going on, work through this and post the logs
http://board.protecus.de/t23188.htm
__________
Kind regards, Sabina

all about PC security
02.04.2007, 12:21
Member

Thread starter

Posts: 25
#3 So here is the requested data.

Logfile of HijackThis v1.99.1
Scan saved at 5:51:54 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsnJKz/X5XzqAjX7PHdH5Xiz/UyDJJq8a+Qaf8La1+hoAD2pKiAHiCI5ET7sO0cFCsD5WKOd/K23LDMJs0dTCY0e0Tics2G2aI4yteoEL0V54aT/EAfvuMqy4GIz158yXCSV6GXN6AeRTmlZDNnHeM/SRmbv+xywXmdJ8Avv1mzN4zQHWZmaHgw==
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: XBTB04651 Class - {1EAD0E5F-8B93-4c28-90BD-A9672968D6E3} - C:\DOCUME~1\Steve\Desktop\CHALLE~1\RACING~1.DLL (file missing)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ogleac] c:\windows\system32\ogleac.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE OptiView Camera
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk571YYAU
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04BEAB9D-5C42-4C40-BBF0-C6C7470AD2B2} (CupidBar) - http://www.incredidate.com/increditoolbar/Cupidstoolbar.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jdhitchen.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113228956671
O16 - DPF: {7A02704D-EAC8-45AF-B408-27D6FBA6C26D} (CandyBarBGM Control) - http://www.candybar.co.kr/common/ax/CandyBarBGM.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=1&id=60764&1s&ex&ppd=4
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.offexploring.com/journal/imageupload/ImageUploader3.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v7.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B263D942-0E20-481C-93C5-FBBB693AF9BC}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB424ACA-8024-4DD7-886E-98B9B1082A0F}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{D04D2625-8B51-49A7-B15D-28819779CB1E}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B18526-254D-4EE2-AEBB-BB1511F8F96D}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDC8F7D-809D-49D1-8949-5F5E96D48E15}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

"Tim" - 07-04-02 18:25:20 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Tim\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\temp1.exe
c:\autorun.inf
f:\autorun.inf
f:\host.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\install.log
C:\WINDOWS\autorun.inf
C:\WINDOWS\xcopy.exe
C:\Program Files\outlook


((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))


2007-04-01 15:52 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-01 14:25 <DIR> d-------- C:\Program Files\GetData
2007-04-01 14:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-01 14:19 5,699,136 --a------ C:\BurnMyFiles-Setup.exe
2007-04-01 14:05 120,832 --a------ C:\tweakui.exe
2007-04-01 12:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-04-01 12:11 <DIR> d-------- C:\kav
2007-03-31 10:37 <DIR> d-------- C:\Clayton
2007-03-27 22:11 <DIR> d-------- C:\Program Files\MovieCommander
2007-03-24 07:06 <DIR> d-------- C:\DOCUME~1\TENNAN~1\APPLIC~1\FunWebProducts
2007-03-23 19:41 152,576 -ra------ C:\WINDOWS\system32\drivers\LV532AV.SYS
2007-03-22 05:02 <DIR> d-------- C:\DOCUME~1\TENNAN~1\APPLIC~1\Sony Corporation
2007-03-21 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-03-21 16:10 90,112 --------- C:\WINDOWS\snymsico.dll
2007-03-21 16:10 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-03-21 16:10 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-03-21 16:10 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-03-21 16:10 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-03-21 16:10 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2007-03-21 16:10 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2007-03-21 16:10 <DIR> d-------- C:\Program Files\Sony Corporation
2007-03-21 16:09 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-03-21 16:09 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-03-21 16:09 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-03-21 16:09 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-03-21 16:09 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-21 16:09 151,552 --------- C:\WINDOWS\system32\pxwma.dll
2007-03-21 16:09 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-21 16:09 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-21 16:09 <DIR> d-------- C:\Program Files\Sony
2007-03-21 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-03-21 16:08 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-03-21 16:08 <DIR> d-------- C:\DOCUME~1\Tim\APPLIC~1\Sony Corporation
2007-03-21 13:51 <DIR> d-------- C:\DOCUME~1\TENNAN~1\.limewire
2007-03-21 11:02 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
2007-03-21 11:02 <DIR> d-------- C:\Program Files\MyWebSearch
2007-03-21 11:01 <DIR> d-------- C:\Program Files\FunWebProducts
2007-03-08 19:20 <DIR> d-------- C:\DOCUME~1\Tim\APPLIC~1\EPSON
2007-03-03 12:46 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-03 12:46 <DIR> d-------- C:\DOCUME~1\TENNAN~1\APPLIC~1\U3


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-29 16:05 -------- d-------- C:\Program Files\microsoft games
2007-03-23 19:58 -------- d-------- C:\DOCUME~1\Tim\APPLIC~1\teamspeak2
2007-03-21 16:10 -------- d--h----- C:\Program Files\installshield installation information
2007-03-21 11:02 -------- d-------- C:\Program Files\msn messenger
2007-03-10 08:14 -------- d-------- C:\DOCUME~1\Tim\APPLIC~1\ventrilo
2007-02-28 14:21 -------- d-------- C:\Program Files\epson
2007-02-15 17:33 -------- d-------- C:\Program Files\lemonade tycoon 2
2007-02-15 17:31 -------- d-------- C:\Program Files\pacificpoker
2007-02-09 07:13 -------- d-------- C:\Program Files\ventrilo
2007-02-09 07:13 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-02-03 19:08 -------- d-------- C:\Program Files\reflexivearcade


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ogleac"="c:\\windows\\system32\\ogleac.exe"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE OptiView Camera"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Common Files\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evihkyo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hyfzp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Jnberdg\\Hyfzp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="imc"
"hkey"="HKCU"
"command"="C:\\Program Files\\FriendFinder\\FriendFinder Messenger 30\\imc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="istsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38146374-6cf4-11da-8cba-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44af056b-d46d-11db-bd79-0011506671f7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80f06a0f-b1cf-11db-bd3b-0011506671f7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b30c4b4-8ab8-11db-bd25-0011506671f7}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 18:29:07

Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\WINDOWS\system32

04/02/2007 04:05 PM 1,374 wpa.dbl
03/27/2007 11:17 PM 328,168 perfh009.dat
03/27/2007 11:17 PM 43,832 perfc009.dat
03/27/2007 11:17 PM 376,266 PerfStringBackup.INI
03/21/2007 11:02 AM 28,672 f3PSSavr.scr
03/08/2007 04:36 AM 12,619,736 MRT.exe
02/17/2007 02:01 AM 126,224 TZLog.log
02/17/2007 02:01 AM 4,681 MRT.INI
02/15/2007 05:01 PM 336,768 WgaTray.exe
02/15/2007 05:01 PM 1,476,992 LegitCheckControl.dll
02/15/2007 05:00 PM 236,928 WgaLogon.dll
01/29/2007 04:58 PM 60,416 tzchange.exe
01/24/2007 03:29 AM 546,304 hhctrl.ocx
01/04/2007 10:05 PM 1,498,112 shdocvw.dll
01/04/2007 10:05 PM 474,112 shlwapi.dll
01/04/2007 10:05 PM 1,022,976 browseui.dll
01/04/2007 10:05 PM 151,040 cdfview.dll
01/04/2007 10:05 PM 1,054,208 danim.dll
01/04/2007 06:50 PM 248,320 xpsp3res.dll
12/20/2006 05:52 AM 134,656 shsvcs.dll
12/20/2006 05:52 AM 8,453,632 shell32.dll
12/20/2006 02:16 AM 333,824 wiaservc.dll
12/19/2006 10:15 PM 2,136,064 ntoskrnl.exe
12/19/2006 08:55 PM 2,015,744 ntkrnlpa.exe
12/12/2006 03:28 PM 141,240 FNTCACHE.DAT
12/07/2006 01:29 PM 2,374,472 wmvcore.dll
12/03/2006 10:48 PM 75 LuResult.txt
11/27/2006 10:54 PM 539,136 msftedit.dll
11/27/2006 10:54 PM 433,152 riched20.dll
11/17/2006 02:14 PM 14,640 spmsg.dll
11/08/2006 01:06 PM 679,424 inetcomm.dll
11/07/2006 09:03 PM 3,577,856 mshtml.dll
11/07/2006 09:03 PM 475,648 mshtmled.dll
11/07/2006 09:03 PM 50,688 msfeedsbs.dll
11/07/2006 09:03 PM 191,488 iepeers.dll
11/07/2006 09:03 PM 458,752 msfeeds.dll
11/07/2006 09:03 PM 1,162,240 urlmon.dll
11/07/2006 09:03 PM 131,584 extmgr.dll
11/07/2006 09:03 PM 818,688 wininet.dll
11/07/2006 09:03 PM 27,136 jsproxy.dll
11/07/2006 09:03 PM 156,160 msls31.dll
11/07/2006 09:03 PM 670,720 mstime.dll
11/07/2006 09:03 PM 180,736 ieui.dll
11/07/2006 09:03 PM 231,424 webcheck.dll
11/07/2006 09:03 PM 413,696 vbscript.dll
11/07/2006 09:03 PM 6,049,280 ieframe.dll
11/07/2006 03:27 AM 382,976 iedkcs32.dll
11/07/2006 03:27 AM 229,376 ieaksie.dll
11/07/2006 03:26 AM 152,064 ieakeng.dll
11/07/2006 03:26 AM 71,680 admparse.dll
11/07/2006 03:26 AM 55,296 iesetup.dll
11/07/2006 03:26 AM 13,312 ieudinit.exe
11/07/2006 03:26 AM 54,784 ie4uinit.exe
11/07/2006 03:26 AM 43,008 iernonce.dll
11/07/2006 03:26 AM 123,904 advpack.dll
11/07/2006 03:26 AM 92,672 inseng.dll
11/07/2006 03:25 AM 10,240 advpack.dll.mui
11/07/2006 03:25 AM 161,792 ieakui.dll
11/07/2006 03:24 AM 56,483 ieuinit.inf
11/04/2006 02:14 PM 1,245,696 msxml4.dll
11/02/2006 03:17 AM 927,504 mfc40u.dll
10/25/2006 07:15 PM 65,536 QuickTimeVR.qtx
10/25/2006 07:15 PM 49,152 QuickTime.qts
10/19/2006 09:56 PM 713,216 sxs.dll
10/17/2006 12:06 PM 443,904 html.iec
10/17/2006 12:06 PM 78,336 ieencode.dll
10/17/2006 12:05 PM 206,336 WinFXDocObj.exe
10/17/2006 12:05 PM 1,817,088 inetcpl.cpl
10/17/2006 12:05 PM 105,984 url.dll
10/17/2006 12:05 PM 192,000 msrating.dll
10/17/2006 12:05 PM 40,960 licmgr10.dll
10/17/2006 12:04 PM 101,376 occache.dll
10/17/2006 12:03 PM 17,408 corpol.dll
10/17/2006 12:02 PM 991,232 ieframe.dll.mui
10/17/2006 12:00 PM 491,520 jscript.dll
10/17/2006 11:58 AM 12,288 msfeedssync.exe
10/17/2006 11:58 AM 61,952 icardie.dll
10/17/2006 11:58 AM 44,544 pngfilt.dll
10/17/2006 11:58 AM 346,624 dxtmsft.dll
10/17/2006 11:57 AM 36,352 imgutil.dll
10/17/2006 11:57 AM 214,528 dxtrans.dll
10/17/2006 11:57 AM 266,752 iertutil.dll
10/17/2006 11:56 AM 45,568 mshta.exe
10/17/2006 11:55 AM 66,560 tdc.ocx
10/17/2006 11:28 AM 48,128 mshtmler.dll
10/17/2006 11:27 AM 380,928 ieapfltr.dll
10/17/2006 11:19 AM 1,383,424 mshtml.tlb
10/17/2006 12:15 AM 122,880 oledlg.dll
10/15/2006 06:16 PM 1,192 Installer.log
10/15/2006 06:09 PM 4,854 lvcoinst.log
10/14/2006 04:13 PM 981,760 mfc42u.dll
10/13/2006 08:35 PM 142,336 nwprovau.dll
This post was edited by Tempest on 02.04.2007 at 12:44.
02.04.2007, 12:43
Honorary member
Sabina

Posts: 29434
#4 Tempest

1.
run cleanup
http://virus-protect.org/cleanup.html

2.
run fixwareout and post the scan report
http://virus-protect.org/artikel/tools/fixwareout.html

3.
open HijackThis -- button "Scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsnJKz/X5XzqAjX7PHdH5Xiz/UyDJJq8a+Qaf8La1+hoAD2pKiAHiCI5ET7sO0cFCsD5WKOd/K23LDMJs0dTCY0e0Tics2G2aI4yteoEL0V54aT/EAfvuMqy4GIz158yXCSV6GXN6AeRTmlZDNnHeM/SRmbv+xywXmdJ8Avv1mzN4zQHWZmaHgw==

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: XBTB04651 Class - {1EAD0E5F-8B93-4c28-90BD-A9672968D6E3} - C:\DOCUME~1\Steve\Desktop\CHALLE~1\RACING~1.DLL (file missing)

O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O4 - HKLM\..\Run: [ogleac] c:\windows\system32\ogleac.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk571YYAU

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeFreeInstall.cab

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_24.cab


O17 - HKLM\System\CCS\Services\Tcpip\..\{B263D942-0E20-481C-93C5-FBBB693AF9BC}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB424ACA-8024-4DD7-886E-98B9B1082A0F}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{D04D2625-8B51-49A7-B15D-28819779CB1E}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B18526-254D-4EE2-AEBB-BB1511F8F96D}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDC8F7D-809D-49D1-8949-5F5E96D48E15}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110

Restart the PC

4.
My Computer - Control Panel - Network
Properties of TCP/IP, General tab, tick the options: Obtain an IP address automatically + Obtain DNS server address automatically

5.
To open the Services console directly, enter under Start - Run: services.msc
TCP/IP NetBIOS Helper - disable


6.
Copy the following text into the Editor (Start - Accessories - Editor) and save it with 'Save As' as listen.bat on the Desktop. Set the file type to 'All Files'. You should now find this file on the Desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit
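The O17 lines in the list above are the part of this log a defender should weigh most heavily: the same two public addresses have been written as a static NameServer under every interface GUID and under the global Tcpip\Parameters key, in both CurrentControlSet and ControlSet001, which is exactly the pattern a DNS-changer leaves and exactly what step 4 (obtain DNS automatically) undoes. The following script is an added example, not code from this thread, from Sabina or from HijackThis: it parses O17 lines in the HijackThis v1.99 format and reports static resolvers that are neither private (RFC 1918, loopback, link-local) nor on an owner-supplied trusted list. The function names (`parse_o17`, `assess_dns`, `is_plausible_lan_resolver`) and the `trusted` parameter are this example's own; the sample log is constructed, reproducing four of the O17 entries quoted above plus one made-up line with a placeholder GUID and a private resolver to show the filtering.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of a HijackThis v1.99 log. The first four
# O17 entries mirror the ones quoted in the thread; the last O17 line (placeholder
# GUID, private resolver) is made up, and the O4 line shows that non-O17 lines
# are ignored by the parser.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ogleac] c:\windows\system32\ogleac.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B263D942-0E20-481C-93C5-FBBB693AF9BC}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB424ACA-8024-4DD7-886E-98B9B1082A0F}: NameServer = 85.255.116.69,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.69 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# "O17 - <registry key>: NameServer = <ip>[,<ip>...]"; per-interface keys list the
# servers comma-separated, the global Parameters key space-separated.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+?)\s*$")


def parse_o17(log_text):
    """Return a list of (registry_key, [server, ...]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append((m.group("key"), servers))
    return entries


def is_plausible_lan_resolver(server):
    """True for private, loopback or link-local addresses, i.e. the kind of
    resolver a home router or DHCP normally hands out."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def assess_dns(log_text, trusted=()):
    """Summarise static NameServer settings found in a HijackThis log.

    trusted: resolver addresses the owner knows are legitimate (e.g. the ISP's).
    Returns the suspicious public resolvers, the number of registry keys that
    carry them, and whether the global Tcpip\\Parameters key was overridden.
    """
    trusted = set(trusted)
    keys_by_server = defaultdict(set)
    global_override = False
    for key, servers in parse_o17(log_text):
        for server in servers:
            if server in trusted or is_plausible_lan_resolver(server):
                continue
            keys_by_server[server].add(key)
            if key.rstrip("\\").endswith("Tcpip\\Parameters"):
                global_override = True
    affected_keys = set().union(*keys_by_server.values()) if keys_by_server else set()
    return {
        "suspicious_servers": sorted(keys_by_server),
        "keys_affected": len(affected_keys),
        "global_override": global_override,
    }


if __name__ == "__main__":
    result = assess_dns(SAMPLE_LOG)
    for server in result["suspicious_servers"]:
        print(f"static public resolver {server} set in {result['keys_affected']} key(s)")
    print("global Tcpip\\Parameters override:", result["global_override"])
```

Run against the sample it reports both 85.255.x.x addresses across four keys with the global override set; passing those two addresses as `trusted` silences the report, which is the check an owner who really does use static ISP resolvers would apply before fixing the entries.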
02.04.2007, 12:51
Member

Thread starter

Posts: 25
#5 OK, sorry, this is all almost over my head.

What do you mean by Editor?

I have Notepad there, then this DOS function, WordPad and Windows Explorer.

Then I also wouldn't know what you mean after that. (with "and save it as listen.bat with 'Save As' on the Desktop. Set the file type to 'All Files'.")

Could you please explain that again more clearly?
02.04.2007, 12:54
Honorary member
Sabina

Posts: 29434
#6 work through points 1 to 5 first and then post the log from fixwareout + the new HijackThis, then we'll see ;)
__________
MfG Sabina

rund um die PC-Sicherheit
02.04.2007, 13:03
Member

Thread starter

Posts: 25
#7 I thought I had done that.

so point 1: already posted

point 2: I ran Clean up. (I didn't configure anything, just pressed start)

point 3: did that too and posted

point 4: done and posted.

if I forgot anything, it's because all this isn't that easy, sorry
02.04.2007, 13:04
Honorary member
Sabina

Posts: 29434
#8 where is the scan report from Fixwareout?
then fix everything I listed with HijackThis and post the new HijackThis log
__________
MfG Sabina

rund um die PC-Sicherheit
02.04.2007, 13:21
Member

Thread starter

Posts: 25
#9 After I did

open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart PC

the autoplay has disappeared and search is there now.

So when I double-click drive C, the Windows search window opens, as it already did with the CD drive.

Any idea now what it could be?
02.04.2007, 13:35
Honorary member
Sabina

Posts: 29434
#10 I can't work like this - and your computer is completely infested - the internet connection is being redirected to a server in Ukraine... etc. etc.
either format right away or post the logs I want to see.
(fixwareout + the new log from HijackThis)
__________
MfG Sabina

rund um die PC-Sicherheit
02.04.2007, 13:46
Member

Thread starter

Posts: 25
#11 Is this the new one you mean?

Logfile of HijackThis v1.99.1
Scan saved at 7:45:15 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programme\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


and when you write the internet connection is being redirected to a server in Ukraine...
how bad is that?
02.04.2007, 13:59
Member

Thread starter

Posts: 25
#12 Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.Jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
02.04.2007, 14:00
Honorary member
Sabina

Posts: 29434
#13 Copy the following text into the TEXT editor - you'll find it under (Start - Accessories - Editor) - and save it with 'Save As' as listen.bat on the Desktop. Set the file type to 'All Files'. You should now find this file on the Desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit
02.04.2007, 14:05
Member

Thread starter

Posts: 25
#14 OK, I have to stop for today, it's already quite late here. Thank you very much for your help, and sorry again that I'm making it harder for you with my incompetence. Hopefully we can solve the problem tomorrow

Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\WINDOWS\Downloaded Program Files

04/26/2004 02:25 PM 403 ATPartners.inf
10/25/2004 05:59 PM 1,996 CandyBarBGM.inf
01/03/2007 09:49 PM <DIR> CONFLICT.1
04/17/2006 04:06 AM <DIR> CONFLICT.10
04/17/2006 04:07 AM <DIR> CONFLICT.11
04/17/2006 04:07 AM <DIR> CONFLICT.12
04/17/2006 04:07 AM <DIR> CONFLICT.13
04/17/2006 04:07 AM <DIR> CONFLICT.14
04/17/2006 04:07 AM <DIR> CONFLICT.15
04/17/2006 04:07 AM <DIR> CONFLICT.16
04/17/2006 04:07 AM <DIR> CONFLICT.17
04/17/2006 04:07 AM <DIR> CONFLICT.18
04/17/2006 04:07 AM <DIR> CONFLICT.19
04/17/2006 04:07 AM <DIR> CONFLICT.2
04/17/2006 04:07 AM <DIR> CONFLICT.20
04/17/2006 04:07 AM <DIR> CONFLICT.21
04/17/2006 04:07 AM <DIR> CONFLICT.22
04/17/2006 04:07 AM <DIR> CONFLICT.23
04/17/2006 04:07 AM <DIR> CONFLICT.24
04/17/2006 04:07 AM <DIR> CONFLICT.25
04/17/2006 04:07 AM <DIR> CONFLICT.26
04/17/2006 04:13 AM <DIR> CONFLICT.27
04/17/2006 04:13 AM <DIR> CONFLICT.28
04/17/2006 04:13 AM <DIR> CONFLICT.29
04/17/2006 04:13 AM <DIR> CONFLICT.3
04/17/2006 04:13 AM <DIR> CONFLICT.30
04/17/2006 04:13 AM <DIR> CONFLICT.31
04/17/2006 04:13 AM <DIR> CONFLICT.4
04/17/2006 04:13 AM <DIR> CONFLICT.5
04/17/2006 04:13 AM <DIR> CONFLICT.6
04/17/2006 04:13 AM <DIR> CONFLICT.7
04/17/2006 04:13 AM <DIR> CONFLICT.8
04/17/2006 04:13 AM <DIR> CONFLICT.9
08/19/2005 03:53 PM 516 CTPID.inf
08/19/2005 03:52 PM 32,768 CTPID.ocx
06/23/2005 03:53 PM 523 CTSUEng.inf
06/22/2005 06:37 PM 225,280 CTSUEng.ocx
07/25/2002 06:13 PM 24,576 dwusplay.dll
07/25/2002 06:13 PM 196,608 dwusplay.exe
02/09/2005 04:54 PM 1,271 erma.inf
07/14/2005 03:28 PM 365 f3initialsetup1.0.0.15-3.inf
05/21/2005 01:36 PM 378 ImageUploader3.inf
07/02/2005 10:02 AM 1,873,432 ImageUploader3.ocx
12/27/2005 07:31 PM 1,467 int_ver34.INF
02/16/2005 05:15 PM 401,408 isusweb.dll
08/25/2003 06:12 PM 1,096 iuctl.inf
11/03/2005 08:24 PM 495 LegitCheckControl.inf
05/29/2003 03:00 PM 160,864 messengerstatsclient.dll
04/06/2004 07:03 PM 172,072 MessengerStatsPAClient.dll
01/20/2000 03:25 PM 1,162 Microsoft XML Parser for Java.osd
05/29/2003 02:00 PM 84,064 minesweeper.dll
02/14/2006 09:36 PM 133,232 miniclipGameLoader.dll
05/29/2003 03:00 PM 77,408 msgrchkr.dll
12/14/2005 10:24 AM 323,272 MsnInstC.dll
12/13/2005 05:10 PM 251 MsnInstC.inf
06/30/2005 03:19 PM 227 MsnMessengerSetupDownloader.inf
08/14/2005 12:26 AM 113,664 MsnMessengerSetupDownloader.ocx
06/20/2006 03:44 PM 379,704 MsnPUpld.dll
06/19/2006 02:40 PM 393 MsnPUpld.inf
06/29/2005 05:17 PM 227 opuc.inf
10/02/2004 10:34 PM 599 OSD28E7.OSD
11/09/2004 04:24 PM 126,976 popcaploader.dll
11/09/2004 01:22 PM 241 popcaploader.inf
05/31/2002 09:19 AM 117,328 puren-gb.dll
09/22/2004 03:59 PM 110,592 PURen-us.dll
01/08/2006 06:24 AM 123 qames.inf
12/04/2006 03:16 PM 144 QTPlugin.inf
09/10/2004 02:52 PM 139,264 ReflexiveWebGameLoader.dll
09/10/2004 02:52 PM 1,430 ReflexiveWebGameLoader.INF
10/02/2004 10:34 PM 151,552 RSGameLoader.dll
11/20/1997 09:23 PM 252 searchsettings.inf
11/20/1997 09:25 PM 34,816 searchsettings.ocx
09/13/2004 04:19 PM 249 SproutLauncher.inf
09/13/2004 04:26 PM 159,744 SproutWebLauncher.dll
11/09/2006 02:36 PM 5,019 swflash.inf
07/25/2006 01:02 PM 81,920 UERS_9999_N91S2507NetInstaller.exe
02/18/2005 10:11 AM 437,488 uploader.ocx
10/27/2002 07:32 PM 3,036 wmv9dmo.inf
06/30/2003 10:41 PM 1,689 WMV9VCM.inf
08/03/2004 02:51 PM 293 wuweb.inf
04/10/2006 03:48 PM 1,195 Yahoo! Pool 2.osd
01/26/2004 06:42 PM 856 yinst.inf
01/26/2004 06:40 PM 133,120 yinsthelper.dll
11/17/2004 10:44 PM 114,728 Zintro.ocx
53 File(s) 5,831,776 bytes
31 Dir(s) 74,539,479,040 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Program Files

04/02/2007 06:28 PM <DIR> .
04/02/2007 06:28 PM <DIR> ..
12/14/2005 09:40 PM <DIR> AAALOGO
07/09/2006 11:47 PM <DIR> Absolute Poker
02/07/2006 10:28 AM <DIR> AC3Filter
02/26/2007 04:32 PM <DIR> Activision
07/02/2005 06:59 PM <DIR> Adobe
12/12/2006 05:42 PM <DIR> AVSMedia
10/10/2005 08:06 PM <DIR> Belkin
02/25/2006 01:04 AM <DIR> BitLord
03/21/2007 04:08 PM <DIR> Common Files
12/04/2005 06:02 PM <DIR> Creative
06/18/2005 09:37 PM <DIR> directx
12/12/2006 05:44 PM <DIR> dvdSanta
01/20/2005 10:16 PM <DIR> eBlocs
01/19/2007 12:27 PM <DIR> ElastoMania111
12/12/2006 05:49 PM <DIR> EphPod
02/28/2007 02:21 PM <DIR> epson
02/08/2006 08:23 PM <DIR> Freeze.com
11/19/2006 12:10 PM <DIR> FriendFinder
03/21/2007 04:12 PM <DIR> FunWebProducts
10/11/2005 11:20 PM <DIR> fxsgts
08/27/2005 07:48 PM <DIR> FXtrainer
09/05/2005 06:26 AM <DIR> FXtrainerPro
05/01/2006 02:55 PM <DIR> GameHouse
04/02/2006 08:36 AM <DIR> GanymedeNet
04/01/2007 02:25 PM <DIR> GetData
02/17/2007 01:17 PM <DIR> Grisoft
11/18/2006 03:13 PM <DIR> IncrediMail
04/14/2006 02:59 PM <DIR> Infogrames
11/28/2005 02:41 PM <DIR> Intel
04/01/2007 06:36 PM <DIR> Internet Explorer
12/13/2006 04:40 PM <DIR> iPod
12/15/2005 12:03 AM <DIR> IrfanView
12/13/2006 04:40 PM <DIR> iTunes
04/16/2006 06:17 PM <DIR> Java
04/17/2006 01:53 AM <DIR> Jnberdg
12/12/2006 05:51 PM <DIR> JpegSizer 5
04/01/2007 12:12 PM <DIR> Kaspersky Lab
11/28/2005 03:31 PM <DIR> Lavasoft
02/15/2007 05:33 PM <DIR> Lemonade Tycoon 2
06/11/2006 01:24 PM 359,112 LimeWireWin.exe
01/16/2005 10:46 PM <DIR> linksw
12/12/2006 05:52 PM <DIR> Logitech
12/14/2005 09:40 PM <DIR> Logo Cre8or
03/25/2005 11:21 AM <DIR> LucasArts
11/28/2005 02:57 PM <DIR> Marvell
01/29/2006 06:44 PM <DIR> Messenger
12/22/2005 06:04 PM <DIR> microsoft frontpage
03/29/2007 04:05 PM <DIR> Microsoft Games
12/12/2006 05:55 PM <DIR> Microsoft Office
07/08/2006 09:38 PM <DIR> Mingjong
12/12/2006 05:56 PM <DIR> mIRC
12/18/2005 12:22 PM <DIR> Movie Maker
03/27/2007 10:11 PM <DIR> MovieCommander
12/12/2006 05:56 PM <DIR> Mozilla Firefox
12/14/2005 11:49 PM <DIR> MSN
05/05/2004 10:23 AM <DIR> MSN Gaming Zone
03/21/2007 11:02 AM <DIR> MSN Messenger
03/06/2006 06:07 PM <DIR> MusicMatch
03/21/2007 11:02 AM <DIR> MyWebSearch
04/30/2006 11:44 AM <DIR> Nero
10/07/2005 10:08 AM <DIR> NetComm
01/29/2006 06:44 PM <DIR> NetMeeting
12/03/2006 10:51 PM <DIR> Norton AntiVirus
11/11/2006 12:49 PM <DIR> Oberon Media
12/14/2005 09:35 PM <DIR> OfficeUpdate11
05/05/2004 10:26 AM <DIR> Online Services
02/25/2006 12:54 AM <DIR> OpenOffice.org 2.0
12/14/2005 09:37 PM <DIR> OpenOffice.org1.1.5
12/13/2006 09:14 PM <DIR> Outlook Express
02/15/2007 05:31 PM <DIR> PacificPoker
11/28/2005 12:09 PM <DIR> PowerQuest
12/13/2006 04:40 PM <DIR> QuickTime
12/20/2006 10:42 PM <DIR> Realtek
02/03/2007 07:08 PM <DIR> ReflexiveArcade
12/12/2006 05:59 PM <DIR> SiS Compatible VGA V2.05a.01
10/06/2006 03:44 PM 12,841,240 SkypeSetup.exe
03/21/2007 04:10 PM <DIR> Sony
03/21/2007 04:10 PM <DIR> Sony Corporation
07/09/2006 11:54 PM <DIR> SPYWAREfighter
12/03/2006 10:41 PM <DIR> The Weather Channel FW
04/13/2005 05:19 PM <DIR> THQ
02/09/2006 07:56 AM <DIR> VCW VicMan's Photo Editor
02/09/2007 07:13 AM <DIR> Ventrilo
12/12/2006 06:03 PM <DIR> Virtools
10/26/2005 05:24 PM <DIR> WebCams
04/03/2006 10:13 PM <DIR> WinAntiSpyware 2006 Scanner
12/12/2006 06:02 PM <DIR> Windows Live Toolbar
03/24/2005 03:00 AM <DIR> Windows Media Components
03/05/2007 04:39 PM <DIR> Windows Media Player
12/18/2005 12:22 PM <DIR> Windows NT
12/15/2005 12:10 AM <DIR> WinMX
11/04/2006 09:12 PM <DIR> WinZip
09/29/2006 05:49 PM 3,030,016 wrar351.exe
10/25/2006 05:16 PM 1,035,090 wrar361.exe
05/05/2004 10:28 AM <DIR> xerox
04/17/2006 01:16 AM <DIR> XoftSpy
12/12/2006 06:02 PM <DIR> Yahoo!
07/22/2005 11:44 AM <DIR> Zsysdrive
03/16/2006 04:48 PM <DIR> _uninstallation_info
4 File(s) 17,265,458 bytes
97 Dir(s) 74,539,474,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\WINDOWS\Temp

04/02/2007 06:31 PM <DIR> .
04/02/2007 06:31 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 74,539,474,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Temp

03/31/2007 04:44 PM <DIR> .
03/31/2007 04:44 PM <DIR> ..
11/18/2006 03:08 PM 21,290,704 AdbeRdr708_en_US.exe
10/04/2005 10:42 PM 1,284 article.htm
04/01/2007 12:10 PM 21,793 debug.txt
05/17/2005 12:17 PM 5,228,544 diagcd20.iso
06/18/2005 09:23 PM 24,576 IadHide3.dll
11/18/2006 02:54 PM 7,050,552 psa30se_en_us.exe
03/31/2007 04:59 PM 452,715 WMALog.txt
11/18/2006 02:52 PM 762,512 ytb612_efgsip.exe
8 File(s) 34,832,680 bytes
2 Dir(s) 74,539,474,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\

Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Windows\tasks

Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\WINDOWS\Downloaded Program Files

04-04-26 14:25 403 ATPartners.inf
07-04-02 19:11 <DIR> CONFLICT.1
06-04-17 04:06 <DIR> CONFLICT.10
06-04-17 04:07 <DIR> CONFLICT.11
06-04-17 04:07 <DIR> CONFLICT.12
06-04-17 04:07 <DIR> CONFLICT.13
06-04-17 04:07 <DIR> CONFLICT.14
06-04-17 04:07 <DIR> CONFLICT.15
06-04-17 04:07 <DIR> CONFLICT.16
06-04-17 04:07 <DIR> CONFLICT.17
06-04-17 04:07 <DIR> CONFLICT.18
06-04-17 04:07 <DIR> CONFLICT.19
06-04-17 04:07 <DIR> CONFLICT.2
06-04-17 04:07 <DIR> CONFLICT.20
06-04-17 04:07 <DIR> CONFLICT.21
06-04-17 04:07 <DIR> CONFLICT.22
06-04-17 04:07 <DIR> CONFLICT.23
06-04-17 04:07 <DIR> CONFLICT.24
06-04-17 04:07 <DIR> CONFLICT.25
06-04-17 04:07 <DIR> CONFLICT.26
06-04-17 04:13 <DIR> CONFLICT.27
06-04-17 04:13 <DIR> CONFLICT.28
06-04-17 04:13 <DIR> CONFLICT.29
06-04-17 04:13 <DIR> CONFLICT.3
06-04-17 04:13 <DIR> CONFLICT.30
07-04-02 19:11 <DIR> CONFLICT.31
06-04-17 04:13 <DIR> CONFLICT.4
06-04-17 04:13 <DIR> CONFLICT.5
06-04-17 04:13 <DIR> CONFLICT.6
06-04-17 04:13 <DIR> CONFLICT.7
06-04-17 04:13 <DIR> CONFLICT.8
06-04-17 04:13 <DIR> CONFLICT.9
05-08-19 15:53 516 CTPID.inf
05-08-19 15:52 32,768 CTPID.ocx
05-06-23 15:53 523 CTSUEng.inf
05-06-22 18:37 225,280 CTSUEng.ocx
02-07-25 18:13 24,576 dwusplay.dll
02-07-25 18:13 196,608 dwusplay.exe
05-02-09 16:54 1,271 erma.inf
05-02-16 17:15 401,408 isusweb.dll
03-08-25 18:12 1,096 iuctl.inf
05-11-03 20:24 495 LegitCheckControl.inf
00-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
05-06-29 17:17 227 opuc.inf
04-10-02 22:34 599 OSD28E7.OSD
02-05-31 09:19 117,328 puren-gb.dll
04-09-22 15:59 110,592 PURen-us.dll
06-12-04 15:16 144 QTPlugin.inf
04-10-02 22:34 151,552 RSGameLoader.dll
06-11-09 14:36 5,019 swflash.inf
06-07-25 13:02 81,920 UERS_9999_N91S2507NetInstaller.exe
02-10-27 19:32 3,036 wmv9dmo.inf
03-06-30 22:41 1,689 WMV9VCM.inf
04-01-26 18:42 856 yinst.inf
04-01-26 18:40 133,120 yinsthelper.dll
24 File(s) 1,492,188 bytes
31 Dir(s) 74,108,243,968 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Program Files

07-04-02 19:27 <DIR> .
07-04-02 19:27 <DIR> ..
05-12-14 21:40 <DIR> AAALOGO
06-07-09 23:47 <DIR> Absolute Poker
06-02-07 10:28 <DIR> AC3Filter
07-02-26 16:32 <DIR> Activision
05-07-02 18:59 <DIR> Adobe
06-12-12 17:42 <DIR> AVSMedia
05-10-10 20:06 <DIR> Belkin
06-02-25 01:04 <DIR> BitLord
07-03-21 16:08 <DIR> Common Files
05-12-04 18:02 <DIR> Creative
05-06-18 21:37 <DIR> directx
06-12-12 17:44 <DIR> dvdSanta
05-01-20 22:16 <DIR> eBlocs
07-01-19 12:27 <DIR> ElastoMania111
06-12-12 17:49 <DIR> EphPod
07-02-28 14:21 <DIR> epson
06-02-08 20:23 <DIR> Freeze.com
06-11-19 12:10 <DIR> FriendFinder
07-03-21 16:12 <DIR> FunWebProducts
05-10-11 23:20 <DIR> fxsgts
05-08-27 19:48 <DIR> FXtrainer
05-09-05 06:26 <DIR> FXtrainerPro
06-05-01 14:55 <DIR> GameHouse
06-04-02 08:36 <DIR> GanymedeNet
07-04-01 14:25 <DIR> GetData
07-02-17 13:17 <DIR> Grisoft
06-11-18 15:13 <DIR> IncrediMail
06-04-14 14:59 <DIR> Infogrames
05-11-28 14:41 <DIR> Intel
07-04-01 18:36 <DIR> Internet Explorer
06-12-13 16:40 <DIR> iPod
05-12-15 00:03 <DIR> IrfanView
06-12-13 16:40 <DIR> iTunes
06-04-16 18:17 <DIR> Java
06-04-17 01:53 <DIR> Jnberdg
06-12-12 17:51 <DIR> JpegSizer 5
07-04-01 12:12 <DIR> Kaspersky Lab
05-11-28 15:31 <DIR> Lavasoft
07-02-15 17:33 <DIR> Lemonade Tycoon 2
06-06-11 13:24 359,112 LimeWireWin.exe
05-01-16 22:46 <DIR> linksw
06-12-12 17:52 <DIR> Logitech
05-12-14 21:40 <DIR> Logo Cre8or
05-03-25 11:21 <DIR> LucasArts
05-11-28 14:57 <DIR> Marvell
06-01-29 18:44 <DIR> Messenger
05-12-22 18:04 <DIR> microsoft frontpage
07-03-29 16:05 <DIR> Microsoft Games
06-12-12 17:55 <DIR> Microsoft Office
06-07-08 21:38 <DIR> Mingjong
06-12-12 17:56 <DIR> mIRC
05-12-18 12:22 <DIR> Movie Maker
07-03-27 22:11 <DIR> MovieCommander
06-12-12 17:56 <DIR> Mozilla Firefox
05-12-14 23:49 <DIR> MSN
04-05-05 10:23 <DIR> MSN Gaming Zone
07-03-21 11:02 <DIR> MSN Messenger
06-03-06 18:07 <DIR> MusicMatch
07-03-21 11:02 <DIR> MyWebSearch
06-04-30 11:44 <DIR> Nero
05-10-07 10:08 <DIR> NetComm
06-01-29 18:44 <DIR> NetMeeting
06-12-03 22:51 <DIR> Norton AntiVirus
06-11-11 12:49 <DIR> Oberon Media
05-12-14 21:35 <DIR> OfficeUpdate11
04-05-05 10:26 <DIR> Online Services
06-02-25 00:54 <DIR> OpenOffice.org 2.0
05-12-14 21:37 <DIR> OpenOffice.org1.1.5
06-12-13 21:14 <DIR> Outlook Express
07-02-15 17:31 <DIR> PacificPoker
07-04-02 19:27 <DIR> PENTAX
05-11-28 12:09 <DIR> PowerQuest
06-12-13 16:40 <DIR> QuickTime
06-12-20 22:42 <DIR> Realtek
07-02-03 19:08 <DIR> ReflexiveArcade
06-12-12 17:59 <DIR> SiS Compatible VGA V2.05a.01
06-10-06 15:44 12,841,240 SkypeSetup.exe
07-03-21 16:10 <DIR> Sony
07-03-21 16:10 <DIR> Sony Corporation
06-07-09 23:54 <DIR> SPYWAREfighter
06-12-03 22:41 <DIR> The Weather Channel FW
05-04-13 17:19 <DIR> THQ
06-02-09 07:56 <DIR> VCW VicMan's Photo Editor
07-02-09 07:13 <DIR> Ventrilo
06-12-12 18:03 <DIR> Virtools
05-10-26 17:24 <DIR> WebCams
06-04-03 22:13 <DIR> WinAntiSpyware 2006 Scanner
06-12-12 18:02 <DIR> Windows Live Toolbar
05-03-24 03:00 <DIR> Windows Media Components
07-03-05 16:39 <DIR> Windows Media Player
05-12-18 12:22 <DIR> Windows NT
05-12-15 00:10 <DIR> WinMX
06-11-04 21:12 <DIR> WinZip
06-09-29 17:49 3,030,016 wrar351.exe
06-10-25 17:16 1,035,090 wrar361.exe
04-05-05 10:28 <DIR> xerox
06-04-17 01:16 <DIR> XoftSpy
06-12-12 18:02 <DIR> Yahoo!
05-07-22 11:44 <DIR> Zsysdrive
06-03-16 16:48 <DIR> _uninstallation_info
4 File(s) 17,265,458 bytes
98 Dir(s) 74,108,239,872 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\WINDOWS\Temp

07-04-02 19:59 <DIR> .
07-04-02 19:59 <DIR> ..
07-04-02 19:12 255 WGAErrLog.txt
1 File(s) 255 bytes
2 Dir(s) 74,108,239,872 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Temp

07-03-31 16:44 <DIR> .
07-03-31 16:44 <DIR> ..
06-11-18 15:08 21,290,704 AdbeRdr708_en_US.exe
05-10-04 22:42 1,284 article.htm
07-04-01 12:10 21,793 debug.txt
05-05-17 12:17 5,228,544 diagcd20.iso
05-06-18 21:23 24,576 IadHide3.dll
06-11-18 14:54 7,050,552 psa30se_en_us.exe
07-03-31 16:59 452,715 WMALog.txt
06-11-18 14:52 762,512 ytb612_efgsip.exe
8 File(s) 34,832,680 bytes
2 Dir(s) 74,108,239,872 bytes free
Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\

Volume in drive C has no label.
Volume Serial Number is 900A-34A7

Directory of C:\Windows\tasks
02.04.2007, 14:24
Honorary member
Sabina

Posts: 29434
#15 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick)
copy into: View/edit script

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6217428-905B-452F-B14D-1D2FEA169D52}
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evihkyo

Files to delete:
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
C:\WINDOWS\Downloaded Program Files\ATPartners.inf
C:\WINDOWS\Downloaded Program Files\CandyBarBGM.inf
C:\WINDOWS\system32\f3PSSavr.scr
c:\windows\system32\ogleac.exe
C:\Windows\System32\drivers\uwasfsd.sys

Folders to delete:
C:\Program Files\Common Files\GMT
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.10
C:\WINDOWS\Downloaded Program Files\CONFLICT.11
C:\WINDOWS\Downloaded Program Files\CONFLICT.12
C:\WINDOWS\Downloaded Program Files\CONFLICT.13
C:\WINDOWS\Downloaded Program Files\CONFLICT.14
C:\WINDOWS\Downloaded Program Files\CONFLICT.15
C:\WINDOWS\Downloaded Program Files\CONFLICT.16
C:\WINDOWS\Downloaded Program Files\CONFLICT.17
C:\WINDOWS\Downloaded Program Files\CONFLICT.18
C:\WINDOWS\Downloaded Program Files\CONFLICT.19
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.20
C:\WINDOWS\Downloaded Program Files\CONFLICT.21
C:\WINDOWS\Downloaded Program Files\CONFLICT.22
C:\WINDOWS\Downloaded Program Files\CONFLICT.23
C:\WINDOWS\Downloaded Program Files\CONFLICT.24
C:\WINDOWS\Downloaded Program Files\CONFLICT.25
C:\WINDOWS\Downloaded Program Files\CONFLICT.26
C:\WINDOWS\Downloaded Program Files\CONFLICT.27
C:\WINDOWS\Downloaded Program Files\CONFLICT.28
C:\WINDOWS\Downloaded Program Files\CONFLICT.29
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.30
C:\WINDOWS\Downloaded Program Files\CONFLICT.31
C:\WINDOWS\Downloaded Program Files\CONFLICT.4
C:\WINDOWS\Downloaded Program Files\CONFLICT.5
C:\WINDOWS\Downloaded Program Files\CONFLICT.6
C:\WINDOWS\Downloaded Program Files\CONFLICT.7
C:\WINDOWS\Downloaded Program Files\CONFLICT.8
C:\WINDOWS\Downloaded Program Files\CONFLICT.9
C:\Program Files\Absolute Poker
C:\Program Files\FunWebProducts
C:\Program Files\Jnberdg
C:\Program Files\MyWebSearch
C:\Program Files\PacificPoker
C:\Program Files\PowerQuest
C:\Program Files\WinAntiSpyware 2006 Scanner
C:\Program Files\Common Files\WinAntiSpyware 2006 Free

Click the green traffic light
the script will now run, then the PC will restart automatically

-----------------
««
scan, after the scan set everything to remove and post the scan report
http://virus-protect.org/counterspy1.html
__________
MfG Sabina

rund um die PC-Sicherheit