CID Problem franz. System

23.06.2008, 10:36

dR.muH

...neu hier

Beiträge: 2

#1 Guten Morgen,
ich habe auch dieses CID problem an einem französischem Rechner.
Die CID Fenster öffnen sich nur, wenn der PC mit dem Internet verbunden ist.
Ich poste einfach mal das was ich hab...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:16, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\Axis Itch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Flag web] C:\DOCUME~1\benj\APPLIC~1\COALPO~1\dale 64 joy.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203957702000
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6886 bytes

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-06-20.4 - benj 2008-06-23 9:41:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1525 [GMT 2:00]
Endroit: C:\Documents and Settings\benj\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\benj\Application Data\macromedia\Flash Player\#SharedObjects\3MXYAU93\iforex.com
C:\Documents and Settings\benj\Application Data\macromedia\Flash Player\#SharedObjects\3MXYAU93\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\benj\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\benj\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\BM17e73716.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aeqtrcor.ini
C:\WINDOWS\system32\ahjuamaw.ini
C:\WINDOWS\system32\aJRqYJlm.ini
C:\WINDOWS\system32\aJRqYJlm.ini2
C:\WINDOWS\system32\apuyhfum.dll
C:\WINDOWS\system32\bbetqjbe.dll
C:\WINDOWS\system32\bnhchlhx.dll
C:\WINDOWS\system32\btwyfscj.ini
C:\WINDOWS\system32\cbjppnvu.dll
C:\WINDOWS\system32\cgycufjj.ini
C:\WINDOWS\system32\ckmqacra.dll
C:\WINDOWS\system32\cnmrsabb.ini
C:\WINDOWS\system32\dauiilfm.dll
C:\WINDOWS\system32\dbllcduj.dll
C:\WINDOWS\system32\djeiqgnb.ini
C:\WINDOWS\system32\dyeseljj.ini
C:\WINDOWS\system32\envhegwa.dll
C:\WINDOWS\system32\fkknoayq.dll
C:\WINDOWS\system32\fqrlaaac.ini
C:\WINDOWS\system32\gaiauaah.dll
C:\WINDOWS\system32\gnggqgef.dll
C:\WINDOWS\system32\hlaojhfb.ini
C:\WINDOWS\system32\hpksxqma.ini
C:\WINDOWS\system32\htlppyab.ini
C:\WINDOWS\system32\huuiyqpj.dll
C:\WINDOWS\system32\iaontkpv.dll
C:\WINDOWS\system32\idjqtirl.dll
C:\WINDOWS\system32\iejfwuvb.dll
C:\WINDOWS\system32\ipuxjuqt.dll
C:\WINDOWS\system32\iutkwoup.dll
C:\WINDOWS\system32\jbskgmor.dll
C:\WINDOWS\system32\jjxljpuj.ini
C:\WINDOWS\system32\jkpvjfek.ini
C:\WINDOWS\system32\jmjxgbem.dll
C:\WINDOWS\system32\juhspnob.dll
C:\WINDOWS\system32\kgidbgvs.dll
C:\WINDOWS\system32\kiwoidco.dll
C:\WINDOWS\system32\lhghjyoh.ini
C:\WINDOWS\system32\lkhsnqmg.dll
C:\WINDOWS\system32\lpreqgne.dll
C:\WINDOWS\system32\lritqjdi.ini
C:\WINDOWS\system32\lufqsiov.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\moeonmsy.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxwiaogv.dll
C:\WINDOWS\system32\nklvcoyb.dll
C:\WINDOWS\system32\npfwdqek.dll
C:\WINDOWS\system32\nsyasdjb.dll
C:\WINDOWS\system32\ocpdsxrd.dll
C:\WINDOWS\system32\omfhftaa.dll
C:\WINDOWS\system32\opnklkHx.dll
C:\WINDOWS\system32\oqptolhi.dll
C:\WINDOWS\system32\pcufouhh.dll
C:\WINDOWS\system32\pneekxwf.ini
C:\WINDOWS\system32\qdqutxml.ini
C:\WINDOWS\system32\qeakaqyq.ini
C:\WINDOWS\system32\qhissfhb.dll
C:\WINDOWS\system32\qmtocgbi.dll
C:\WINDOWS\system32\rdivrxhv.dll
C:\WINDOWS\system32\rkwytgix.dll
C:\WINDOWS\system32\rshkwngv.ini
C:\WINDOWS\system32\rwertwve.dll
C:\WINDOWS\system32\taaefhfj.dll
C:\WINDOWS\system32\tbenhxxk.dll
C:\WINDOWS\system32\tdhfxxut.dll
C:\WINDOWS\system32\tejiwagb.dll
C:\WINDOWS\system32\tfbvidxe.ini
C:\WINDOWS\system32\ticheydw.ini
C:\WINDOWS\system32\tjytqhjr.dll
C:\WINDOWS\system32\tpqaaoue.dll
C:\WINDOWS\system32\tumtgref.dll
C:\WINDOWS\system32\tuxxfhdt.ini
C:\WINDOWS\system32\uhwuseiw.ini
C:\WINDOWS\system32\ulfdseht.ini
C:\WINDOWS\system32\uyaroagb.ini
C:\WINDOWS\system32\vcuanqly.dll
C:\WINDOWS\system32\vgoaiwxm.ini
C:\WINDOWS\system32\vjoglcui.dll
C:\WINDOWS\system32\vmxooean.ini
C:\WINDOWS\system32\vodojkkl.dll
C:\WINDOWS\system32\vpktnoai.ini
C:\WINDOWS\system32\xajdkefo.dll
C:\WINDOWS\system32\xffskfmn.dll
C:\WINDOWS\system32\xkdhspno.dll
C:\WINDOWS\system32\xwjixfxp.dll
C:\WINDOWS\system32\yafcmjsb.dll
C:\WINDOWS\system32\ypansdfi.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))))
.

2008-06-23 09:46 . 2008-06-23 09:46 268 --ah----- C:\sqmdata01.sqm
2008-06-23 09:46 . 2008-06-23 09:46 244 --ah----- C:\sqmnoopt01.sqm
2008-06-23 09:33 . 2008-06-23 09:33 <REP> d-------- C:\Program Files\CCleaner
2008-06-20 10:23 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-20 10:23 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-20 10:23 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-20 10:23 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-13 15:40 . 2008-06-14 15:39 4,094 ---hs---- C:\WINDOWS\system32\tjwofysc.ini
2008-05-28 12:28 . 2008-05-28 12:28 <REP> d-------- C:\Program Files\COALPOLLDELETE
2008-05-25 03:00 . 2008-05-25 03:00 375,296 --a------ C:\WINDOWS\system32\mlJYqRJa.dll
2008-05-25 02:55 . 2008-05-25 02:55 <REP> d--hs---- C:\Documents and Settings\benj\!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-19 23:00 --------- d-----w C:\Documents and Settings\benj\Application Data\LimeWire
2008-05-28 10:30 --------- d-----w C:\Documents and Settings\benj\Application Data\COALPOLLDELETE
2008-05-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf
2008-04-29 10:24 --------- d-----w C:\Program Files\Google
2008-04-25 17:27 --------- d-----w C:\Documents and Settings\benj\Application Data\Ahead
2008-04-25 13:39 --------- d-----w C:\Program Files\CFWebAdvancedU
2008-04-25 13:39 --------- d-----w C:\Documents and Settings\benj\Application Data\CamfrogWEB
2008-02-26 07:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008022620080227\index.dat
2008-02-27 13:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008022720080228\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10D3CC35-A70D-490B-B07A-9F5FB1D333C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c671151-3c4e-470c-968c-a4bd2c515506}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA938E2-3D09-4B97-8B64-620351EDF762}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F5DCE06-374D-4787-84E9-27BCA4C67700}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3dbb2d9c-cf2f-4646-b2cd-26360ba48321}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA6ED1A-D147-47C1-9364-EF4E7DE1E08B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CB97CEB-484A-406D-A539-0E9478D8E41F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1235FD-7776-4DB9-936F-B0B98E041F02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FA71426-E6FF-4D2E-822D-147186501466}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F09E0A-94C6-433A-8CA8-7246E0D683F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DE89538-0427-4D6F-BE28-295CA07ABA79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{719b07ef-171c-4b7c-988e-4c32201c7d71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AA7951D-E558-41F0-AB93-E65F96C99842}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F4594A5-7031-4366-8526-1502E383F038}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86F53D8A-47DE-4485-ACAC-950C47A8972D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F330F82-60C6-4D76-8FA6-D03D9656CB46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD39C98-9FDD-41C5-98F4-CAA2329BFE63}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96EB35FB-9D21-4D1C-A407-2E1BF3ACF7A7}]
2008-05-25 03:00 375296 --a------ C:\WINDOWS\system32\mlJYqRJa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7E9BD7B-9B05-419D-9C78-9372B824A7C5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FFC72B-9DC0-49C4-BBD7-955061258297}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB30AA84-5B73-4681-8977-A9A23D9EE6F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABC9119F-8BBE-4A14-8F13-283EF9BCAE8A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF1E1233-E174-4494-885F-4C8CF4402F86}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6F2D7A-6A83-4FB6-A929-2FEF13D8CF17}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2ED0CF2-D461-4717-8E16-0A8919B38497}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA63505-7C31-4BB2-A16F-091AF14D2B53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F429B280-706D-42A0-BD13-4406AC850B7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6e2b92-c010-4495-9d2b-69c5e04e0ff5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Flag web"="C:\DOCUME~1\benj\APPLIC~1\COALPO~1\dale 64 joy.exe" [2008-05-28 12:28 426496]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-29 00:08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 05:57 16855552 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-28 19:06 949376]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-29 00:10 185632]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 11:20 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 11:39 40960]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 22:00 864256]
"bait deaf idle setup"="C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\Axis Itch.exe" [2008-06-23 09:49 3569664]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe]
"BM17e73716"="C:\WINDOWS\system32\tejiwagb.dll" [ ]
"14d4048a"="C:\WINDOWS\system32\mxwiaogv.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklkHx]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mlJYqRJa

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 FXDrv32;FXDrv32;D:\FXDrv32.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-21 16:00:00 C:\WINDOWS\Tasks\AF2E149E91858942.job"
- c:\docume~1\benj\applic~1\coalpo~1\For Seek Program.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 09:48:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mlJYqRJa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-23 9:51:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 07:51:20

Pre-Run: 145,823,752,192 octets libres
Post-Run: 146,326,241,280 octets libres

248 --- E O F --- 2008-05-16 01:32:39

Ich hoffe ihr könnt mir helfen, will den Rechner nicht unbedingt formatieren.

Gruß
dR.muH

23.06.2008, 11:31

Sabina

Ehrenmitglied

Beiträge: 29434

#2 Hallo, dR.muH

1.
wende cleaner an und lösche alle temporären Dateien
http://www.ccleaner.de/?protecus.de

2.
scanne mit Malwarebytes, lasse alles entfernen, was gefunden wird
http://virus-protect.org/artikel/tools/malwarebytes.html

3.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Zitat

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10D3CC35-A70D-490B-B07A-9F5FB1D333C6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c671151-3c4e-470c-968c-a4bd2c515506}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA938E2-3D09-4B97-8B64-620351EDF762}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F5DCE06-374D-4787-84E9-27BCA4C67700}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3dbb2d9c-cf2f-4646-b2cd-26360ba48321}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA6ED1A-D147-47C1-9364-EF4E7DE1E08B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CB97CEB-484A-406D-A539-0E9478D8E41F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1235FD-7776-4DB9-936F-B0B98E041F02}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FA71426-E6FF-4D2E-822D-147186501466}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F09E0A-94C6-433A-8CA8-7246E0D683F1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DE89538-0427-4D6F-BE28-295CA07ABA79}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{719b07ef-171c-4b7c-988e-4c32201c7d71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AA7951D-E558-41F0-AB93-E65F96C99842}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F4594A5-7031-4366-8526-1502E383F038}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86F53D8A-47DE-4485-ACAC-950C47A8972D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F330F82-60C6-4D76-8FA6-D03D9656CB46}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD39C98-9FDD-41C5-98F4-CAA2329BFE63}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96EB35FB-9D21-4D1C-A407-2E1BF3ACF7A7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7E9BD7B-9B05-419D-9C78-9372B824A7C5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FFC72B-9DC0-49C4-BBD7-955061258297}
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB30AA84-5B73-4681-8977-A9A23D9EE6F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABC9119F-8BBE-4A14-8F13-283EF9BCAE8A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF1E1233-E174-4494-885F-4C8CF4402F86}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6F2D7A-6A83-4FB6-A929-2FEF13D8CF17}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2ED0CF2-D461-4717-8E16-0A8919B38497}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA63505-7C31-4BB2-A16F-091AF14D2B53}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F429B280-706D-42A0-BD13-4406AC850B7C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6e2b92-c010-4495-9d2b-69c5e04e0ff5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklkHx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bait deaf idle setup"=-
"BM17e73716"=-
"14d4048a"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag web"=-

File::
C:\WINDOWS\Tasks\AF2E149E91858942.job
C:\WINDOWS\system32\tjwofysc.ini
C:\WINDOWS\system32\mlJYqRJa.dll

Folder::
C:\Documents and Settings\benj\Application Data\COALPOLLDELETE
C:\Documents and Settings\benj\!
C:\Program Files\COALPOLLDELETE
C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen

danach: Combofix noch einmal anwenden

-----------------

4.
wende punkt 2- 4 an (Punkt 1 : LOP-uninstall
ist nicht mehr notwendig)
http://virus-protect.org/artikel/tools/cid-uninstaller.html

5.
ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"

dann sollte wieder alles o.k. sein

__________
MfG Sabina

rund um die PC-Sicherheit

23.06.2008, 11:59

dR.muH

...neu hier

Themenstarter

Beiträge: 2

#3 also gut,
vielen Dank ich probiers nochmal in richtig :-)

23.06.2008, 12:22

Sabina

Ehrenmitglied

Beiträge: 29434

#4 wenn du nicht zurechtkommst, melde dich...
__________
MfG Sabina

rund um die PC-Sicherheit

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1