Probleme mit Trojaner/ Malware

#1 Hallo zusammen,

bekomme bei nem Freund trotz Kapersky die Probleme nicht in den Griff.
hab alle Punkte soweit abgearbeitet.

1. Temporäre Dateien beseitigen wurde erledigt.

2. Combofix Report:

ComboFix 08-06-10.5 - DENIS 2008-06-11 20:39:23.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.664 [GMT 2:00]
Endroit: C:\Documents and Settings\DENIS\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE\vbase.tmp
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603145708140.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603192112734.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603195350546.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603195842500.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603201133234.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080604120239875.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080604184259250.log
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Documents and Settings\DENIS\err.log
C:\Documents and Settings\DENIS\Favoris\Online Security Test.url
C:\Program Files\NetProject
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\WINDOWS\system32\824223
C:\WINDOWS\system32\824223\824223.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rtmipr.dll
C:\WINDOWS\system32\YccIPXyb.ini
C:\WINDOWS\system32\YccIPXyb.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

2008-06-11 20:24 . 2008-06-11 20:24 <REP> d----c--- C:\Program Files\CCleaner
2008-06-11 19:54 . 2008-06-11 19:54 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-06-11 19:54 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-06-11 19:54 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-06-11 19:49 . 2008-06-11 19:49 <REP> d----c--- C:\Program Files\SAGEM
2008-06-11 19:48 . 2008-06-11 19:48 <REP> d----c--- C:\Program Files\Securitoo
2008-06-07 19:11 . 2007-09-26 19:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-06-07 18:09 . 2008-06-11 20:02 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 18:09 . 2008-06-11 20:02 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 18:08 . 2008-06-07 18:08 <REP> d----c--- C:\Program Files\Kaspersky Lab
2008-06-07 18:08 . 2008-06-11 20:44 3,372,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 18:08 . 2008-06-11 20:42 46,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 18:08 . 2008-06-11 20:44 24,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 18:08 . 2008-06-11 20:42 3,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-03 14:57 . 2008-06-03 14:57 <REP> d----c--- C:\Program Files\ColorUtility
2008-05-20 12:58 . 2008-05-20 12:58 <REP> d----c--- C:\Documents and Settings\DENIS\Application Data\Icone

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 18:44 --------- dc----w C:\Program Files\Wanadoo
2008-06-11 18:42 27,852 -c--a-w C:\Documents and Settings\DENIS\Application Data\wklnhst.dat
2008-06-11 18:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 17:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 18:15 --------- dc----w C:\Program Files\Micro Application
2008-05-26 06:50 --------- d-----w C:\Program Files\Microsoft Works
2008-05-23 15:16 93,584 -c--a-w C:\Documents and Settings\DENIS\Application Data\GDIPFONTCACHEV1.DAT
2008-05-09 10:45 --------- dc----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-08 13:48 --------- dc----w C:\Program Files\MSN Messenger
2008-05-08 13:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-08 13:47 --------- dc----w C:\Program Files\Windows Live
2008-05-08 13:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-21 08:15 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB898C11-6F74-4986-A2EF-1053657C6A1D}]
C:\WINDOWS\system32\hgGyyxyA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE008EE8-9ADB-4B7B-9B69-26845387B39A}]
C:\WINDOWS\system32\byXPIccY.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-04 13:40 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"C:\WINDOWS\system32\V0250Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 14:00 12288]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 19:00 32768]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AB898C11-6F74-4986-A2EF-1053657C6A1D}"= C:\WINDOWS\system32\hgGyyxyA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyyxyA]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ne m'oublie pas !.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ne m'oublie pas !.lnk
backup=C:\WINDOWS\pss\Ne m'oublie pas !.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-02-04 13:40 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-09-28 19:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a--c--- 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"BackWeb Plug-in - 6588780"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]
S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 20:44:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 20:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 18:47:41

Pre-Run: 147,546,411,008 octets libres
Post-Run: 147,507,773,440 octets libres

191 --- E O F --- 2008-06-07 16:59:46


3. Hijackthis - Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:49, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\DENIS\Bureau\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {AB898C11-6F74-4986-A2EF-1053657C6A1D} - C:\WINDOWS\system32\hgGyyxyA.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DE008EE8-9ADB-4B7B-9B69-26845387B39A} - C:\WINDOWS\system32\byXPIccY.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ne m'oublie pas !.lnk = C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: hgGyyxyA - C:\WINDOWS\
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5682 bytes

4. Logfile Datfind


R‚pertoire de C:\WINDOWS\system32

11/06/2008 20:03 0 clkcnt.txt
11/06/2008 19:37 2ÿ422 wpa.dbl
07/06/2008 18:08 3ÿ072 CONFIG.NT
04/06/2008 19:06 367ÿ658 perfh00C.dat
04/06/2008 19:06 48ÿ616 perfc00C.dat
04/06/2008 19:06 311ÿ604 perfh009.dat
04/06/2008 19:06 39ÿ992 perfc009.dat
09/05/2008 23:35 16ÿ863ÿ864 MRT.exe
09/04/2008 17:48 302ÿ032 FNTCACHE.DAT
30/03/2008 13:14 951ÿ946 PerfStringBackup.INI
25/03/2008 06:51 621ÿ344 mswstr10.dll
25/03/2008 06:51 194ÿ144 msjint40.dll
25/03/2008 06:50 355ÿ104 msxbde40.dll
25/03/2008 06:50 838ÿ432 mswdat10.dll
25/03/2008 06:50 264ÿ992 mstext40.dll
25/03/2008 06:50 559ÿ904 msrepl40.dll
25/03/2008 06:50 322ÿ336 msrd3x40.dll
25/03/2008 06:50 432ÿ928 msrd2x40.dll
25/03/2008 06:50 355ÿ104 mspbde40.dll
25/03/2008 06:50 219ÿ936 msltus40.dll
25/03/2008 06:50 60ÿ192 msjter40.dll
25/03/2008 06:50 248ÿ608 msjtes40.dll
25/03/2008 06:50 355ÿ112 msjetoledb40.dll
25/03/2008 06:50 1ÿ516ÿ568 msjet40.dll
25/03/2008 06:50 326ÿ432 msexcl40.dll
25/03/2008 06:50 518ÿ944 msexch40.dll
20/03/2008 10:09 1ÿ845ÿ376 win32k.sys
26/02/2008 14:00 294ÿ912 msctf.dll
22/02/2008 12:00 13ÿ824 ieudinit.exe
20/02/2008 08:51 282ÿ624 gdi32.dll
20/02/2008 07:35 45ÿ568 dnsrslvr.dll
20/02/2008 07:35 148ÿ992 dnsapi.dll

5. Problembeschreibung

Kapersky bringt ständig Meldung über Trojaner unterschiedlicher Art, trotz Reperatur - Aufforderung bzw. Quarantäne-Stellung wirds nicht weniger.
Pfadverweis ist eigentlich immer System32.
Kapersky wurde auch erst vor kurzem installiert, davor war Avast installiert..... (Nicht auf meinem Mist gewachsen)

Zusätzlich geht keine Internetverbindung mehr, oder wenn dann nur ganz kurz. An der Verbindung selbst kanns eigentlich nicht liegen da an der Live-Box (französiches Pendant zur T-Net Box) 3 Abnehmer hängen, und bei denen anderen klappt die Internetverbindung ohne Probleme.


Wäre schön wenn uns jemand helfen könnte :-)


Gruß

Zizou

#2 1. Lade folgende Datein bei www.virustotal.com/de hoch und poste das Ergebnis:

C:\WINDOWS\system32\RegSvr32.exe
C:\WINDOWS\system32\V0250Cvw.dll

2.
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

NetProject

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

Das gleiche mit

WinSpywareProtect


3.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked

Zitat

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {AB898C11-6F74-4986-A2EF-1053657C6A1D} - C:\WINDOWS\system32\hgGyyxyA.dll (file missing)
O2 - BHO: (no name) - {DE008EE8-9ADB-4B7B-9B69-26845387B39A} - C:\WINDOWS\system32\byXPIccY.dll (file missing)

4.
PC neustarten

5.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit "Speichern unter" auf dem Desktop. Gebe bei Dateityp "Alle Dateien" an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Dokumente und Einstellungen\Mert\Eigene Dateien" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Desktop" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Desktop" >>files.txt
dir "C:\Dokumente und Einstellungen\Mert\Startmenü\Programme" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

6.
scanne mit malwarebytes, lasse alles entfernen, was gefunden wird
http://virus-protect.org/artikel/tools/malwarebytes.html

7.
Erstelle ein neues Log von Combofix

Gruss Swiss

#3 1. Hab die Dateien bei Virustotal hochgeladen, in der Ergebnissspalte ergab sich jedoch kein Eintrag.

2. Text Netproject:


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "NetProject" 13/06/2008 20:07:21

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99BA268B-4021-4739-9945-3C774217FE75}\InprocServer32]
@="C:\\Program Files\\NetProject\\sbmdl.dll"


WinSpywareProtect brachte kein Ergebnis.


3. + 4. erledigt


5. Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\WINDOWS\Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\Program Files

11/06/2008 21:34 <REP> .
11/06/2008 21:34 <REP> ..
18/02/2008 20:12 <REP> Adobe
28/05/2006 18:26 <REP> Ahead
24/02/2008 18:47 <REP> Alwil Software
02/10/2007 18:41 <REP> AntivirusFirewall
03/06/2008 14:57 <REP> ColorUtility
02/02/2006 12:39 <REP> ComPlus Applications
02/02/2006 15:15 <REP> CyberLink
23/02/2006 16:26 <REP> Disney Interactive
04/02/2006 13:40 <REP> DivX
23/02/2006 16:12 <REP> DVD Shrink
18/03/2008 19:21 <REP> eMule
02/02/2006 15:48 <REP> Encarta
04/06/2008 19:07 <REP> Fichiers communs
04/03/2008 19:59 <REP> Google
04/02/2006 12:28 <REP> Hewlett-Packard
04/02/2006 12:29 <REP> HP
07/06/2008 19:16 <REP> Internet Explorer
07/06/2008 18:08 <REP> Kaspersky Lab
05/10/2007 16:05 <REP> Messenger
21/04/2008 10:15 <REP> Messenger Plus! Live
03/06/2008 20:15 <REP> Micro Application
02/02/2006 15:53 <REP> Microsoft AutoRoute
09/05/2008 12:45 <REP> Microsoft CAPICOM 2.1.0.2
21/02/2007 14:08 <REP> Microsoft Digital Image 2006
10/02/2006 12:11 <REP> microsoft frontpage
31/01/2008 17:59 <REP> Microsoft LifeCam
10/02/2006 12:11 <REP> Microsoft Office
13/09/2006 20:30 <REP> Microsoft R‚f‚rence
10/02/2006 12:13 <REP> Microsoft Visual Studio
26/05/2008 08:50 <REP> Microsoft Works
02/02/2006 15:27 <REP> Microsoft Works Suite 2006
02/02/2006 12:40 <REP> Movie Maker
02/02/2006 12:38 <REP> MSN
02/02/2006 12:38 <REP> MSN Gaming Zone
08/05/2008 15:48 <REP> MSN Messenger
05/10/2007 16:01 <REP> MSXML 4.0
02/02/2006 12:40 <REP> NetMeeting
04/02/2006 14:56 <REP> OLYMPUS
02/02/2006 12:38 <REP> Online Services
05/10/2007 16:05 <REP> Outlook Express
04/02/2006 13:41 <REP> QuickTime
11/06/2008 21:31 <REP> SAGEM
13/06/2008 19:28 <REP> Samsung
11/06/2008 19:48 <REP> Securitoo
02/02/2006 12:40 <REP> Services en ligne
28/09/2007 22:16 <REP> VideoLAN
13/06/2008 20:22 <REP> Wanadoo
08/05/2008 15:47 <REP> Windows Live
20/10/2007 16:15 <REP> Windows Media Connect 2
20/10/2007 16:15 <REP> Windows Media Player
02/02/2006 12:38 <REP> Windows NT
02/02/2006 12:42 <REP> xerox
04/06/2006 13:18 <REP> XviD
0 fichier(s) 0 octets
55 R‚p(s) 147ÿ265ÿ568ÿ768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\WINDOWS\Temp

13/06/2008 20:22 <REP> .
13/06/2008 20:22 <REP> ..
0 fichier(s) 0 octets
2 R‚p(s) 147ÿ265ÿ568ÿ768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est DCC6-B057

R‚pertoire de C:\Windows\tasks

6. Ergab 21 infizierte Objekte, alles gelöscht.

7. Log neu Kombofix:

ComboFix 08-06-10.5 - DENIS 2008-06-14 15:41:24.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 2:00]
Endroit: J:\Other files\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
.

2008-06-14 03:00 . 2008-06-14 03:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-13 23:44 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 23:44 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 20:30 . 2008-06-13 20:30 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 20:30 . 2008-06-13 20:30 <REP> d----c--- C:\Documents and Settings\DENIS\Application Data\Malwarebytes
2008-06-13 20:30 . 2008-06-13 20:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-13 20:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-13 20:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 19:31 . 2008-06-13 19:31 <REP> d----c--- C:\Documents and Settings\DENIS\Application Data\SAMSUNG
2008-06-13 19:30 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-06-13 19:29 . 2008-06-13 19:29 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-13 19:29 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-06-13 19:29 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-06-13 19:29 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-06-13 19:29 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-06-13 19:29 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-06-13 19:29 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-06-13 19:29 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-06-13 19:29 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-13 19:29 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-11 21:36 . 2008-06-11 21:36 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-06-11 21:36 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-06-11 21:36 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-06-11 21:31 . 2008-06-11 21:31 <REP> d----c--- C:\Program Files\SAGEM
2008-06-11 19:48 . 2008-06-11 19:48 <REP> d----c--- C:\Program Files\Securitoo
2008-06-07 19:11 . 2007-09-26 19:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-06-07 18:09 . 2008-06-11 20:02 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 18:09 . 2008-06-11 20:02 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 18:08 . 2008-06-07 18:08 <REP> d----c--- C:\Program Files\Kaspersky Lab
2008-06-07 18:08 . 2008-06-14 15:44 3,618,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 18:08 . 2008-06-14 03:07 49,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 18:08 . 2008-06-14 15:44 48,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 18:08 . 2008-06-14 03:07 5,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-20 12:58 . 2008-05-20 12:58 <REP> d----c--- C:\Documents and Settings\DENIS\Application Data\Icone

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 13:28 28,066 -c--a-w C:\Documents and Settings\DENIS\Application Data\wklnhst.dat
2008-06-14 01:08 --------- dc----w C:\Program Files\Wanadoo
2008-06-14 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-13 18:05 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 17:28 --------- dc----w C:\Program Files\Samsung
2008-06-13 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 18:15 --------- dc----w C:\Program Files\Micro Application
2008-05-26 06:50 --------- d-----w C:\Program Files\Microsoft Works
2008-05-23 15:16 93,584 -c--a-w C:\Documents and Settings\DENIS\Application Data\GDIPFONTCACHEV1.DAT
2008-05-09 10:45 --------- dc----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-08 13:48 --------- dc----w C:\Program Files\MSN Messenger
2008-05-08 13:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-08 13:47 --------- dc----w C:\Program Files\Windows Live
2008-05-08 13:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 08:15 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-11_20.47.19.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll
+ 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-11 18:43:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 01:08:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2007-08-22 13:13:05 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:13:05 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-06-11 17:56:58 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-13 16:41:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-11 17:56:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-13 16:41:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-06-11 17:56:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-13 16:41:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-22 13:13:05 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-08-22 13:13:05 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 13:13:05 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:27 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-08-22 13:13:05 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-08-22 13:13:05 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:13:05 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 13:13:05 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 13:13:05 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:29 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-22 13:13:06 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:29 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:13:06 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-22 13:13:07 3,079,168 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:13:07 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-22 13:13:07 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 13:13:07 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:35 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-22 13:13:07 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-08-22 13:13:08 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-08-22 13:13:08 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-08-22 13:13:08 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-05 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-08-22 13:13:08 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-06-27 15:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-06-13 18:05:38 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-08-22 13:13:05 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:13:05 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:13:05 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 13:13:05 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 13:13:06 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:13:06 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-22 13:13:07 3,079,168 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:13:07 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 13:13:07 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:13:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-06-04 17:06:10 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-13 17:32:15 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-04 17:06:10 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-13 17:32:15 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-04 17:06:10 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-13 17:32:15 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-04 17:06:10 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-13 17:32:15 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-08-22 13:13:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-05-02 09:11:16 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2007-05-02 09:11:16 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2007-05-02 09:11:18 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2007-05-02 09:11:18 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2007-05-02 09:11:18 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
+ 2007-05-02 09:11:12 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2007-05-02 09:12:34 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2007-05-02 09:12:34 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2007-05-02 09:12:36 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2007-05-02 09:12:36 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2007-05-02 09:12:36 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
+ 2007-05-02 09:12:28 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2007-07-03 14:54:24 80,552 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2007-07-03 14:56:00 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2007-07-03 14:57:24 11,944 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2007-07-03 14:58:20 106,792 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2007-07-03 14:59:10 86,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2007-07-03 15:00:16 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2007-07-03 14:53:24 70,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2007-07-05 10:37:34 83,456 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2007-07-05 10:37:34 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2007-07-05 10:37:34 14,848 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2007-07-05 10:37:34 109,696 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2007-07-05 10:37:34 103,808 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2007-07-05 10:37:36 99,712 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2007-07-05 10:37:36 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
+ 2007-07-19 07:44:10 70,904 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
- 2007-08-22 13:13:08 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 13:13:08 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-22 13:13:08 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-04 13:40 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"C:\WINDOWS\system32\V0250Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 14:00 12288]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 19:00 32768]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ne m'oublie pas !.lnk - C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE [2006-03-18 18:11:16 99952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyyxyA]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ne m'oublie pas !.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ne m'oublie pas !.lnk
backup=C:\WINDOWS\pss\Ne m'oublie pas !.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-02-04 13:40 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-09-28 19:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a--c--- 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"BackWeb Plug-in - 6588780"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 05:25]
S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 10:24]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 15:44:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-14 15:45:32
ComboFix-quarantined-files.txt 2008-06-14 13:45:30
ComboFix2.txt 2008-06-11 18:47:49

Pre-Run: 147,114,786,816 octets libres
Post-Run: 147,100,340,224 octets libres

357 --- E O F --- 2008-06-14 01:01:59



Gruss Zizou

#4 Hallo

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99BA268B-4021-4739-9945-3C774217FE75}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyyxyA]

Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry beifügen.

PC neustarten

««
dann poste ein neues Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hallo ,

hab aus Versehen in der Mail auf Thema abbestellen gedrückt...
War natürlich ein Irrtum

#6 dann gehe direkt zur Hauptseite von Protecus und von dort in deinen Thread, um zu sehe, ob es neuigkeiten gibt

poste dann das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Hallo, alles soweit erledigt. Anbei das neue Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:19, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\DENIS\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ne m'oublie pas !.lnk = C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D67789C-A9DF-4483-90F3-5334940C207B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5338 bytes


Gruss

Zizou

#8 Hallo,

«
ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"

«
scanne auch diesen Rechner mit Malwarebytes (geladen hast du es ja schon ) + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Hallo,

Combofix hab ich entfernt, Report von Malewarebytes brachte keine Beanstandungen; der lieben Ordnung wegen poste ich ihn trotzdem:

Malwarebytes' Anti-Malware 1.19
Datenbank Version: 914
Windows 5.1.2600 Service Pack 2

18:46:29 02/07/2008
mbam-log-7-2-2008 (18-46-29).txt

Scan Art: Komplett Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objekte gescannt: 93081
Scan Dauer: 23 minute(s), 16 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)


PC lauft auch wieder einwandfrei, denke sollte dann ok sein oder?

Gruss

Zizou