#1
Old 31 October 2008, 03:00
Donor Group

Mum downloaded something

Hi,
Well, my mother downloaded something and the firewall came up with some message. Either way, it was installed before she told me. So, running scans, it may take some time because it's a slow computer. I don't know what it's called, it's all strange symbols and unreadable. Got a HijackThis log already, at least one thing that doesn't take long ...

Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen in 8:53:31 uur, op 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ SYSTEM32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ SYSTEM32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ Program Files \ DAP \ DAP.EXE
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe
C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Avast4 \ ashSimpl.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe
C: \ Program Files \ Avast4 \ setup \ avast.setup

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer die door Administrator Kevin
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = lokale
R3 - URLSearchHook: (geen naam) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (geen file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin voor Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (geen naam) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (geen file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe / install / silent
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: AEO ¶ ¯ ÉËÙÍÁ ¶ ¹. Lnk =?
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download met & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & allemaal met DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra button: (geen naam) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (geen naam) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Onbekende eigenaar - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
End of file - 7692 bytes
_______________________________________________
Any help is welcome.
BTW. I can't find an icon that looks like 'uninstall' to me, so uninstalling isn't an option ...
__________________
HI:)
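As an added triage aid (not part of the original post, and not a HijackThis feature), a small Python script that parses HijackThis-style R/O lines and flags the kinds of entries a helper checks first: hooks and BHOs whose file is missing, services with an unknown owner, startup shortcuts with unreadable names or unresolved targets, and temp-named executables. The sample lines are constructed from entries in the log above, using the standard English HijackThis wording and normal path spacing.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on entries from the HijackThis log above
# (standard English HijackThis wording, path spacing normalised).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com.hk/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\Avast4\\ashDisp.exe
O4 - Startup: \u00c9\u00cb\u00d9\u00cd\u00c1.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Avast4\\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    entry: str     # the raw log line
    reasons: list  # why a helper should look at it


LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
TMP_EXE_RE = re.compile(r"\.tmp\.(dll|exe)$", re.IGNORECASE)


def parse_entry(line):
    """Split 'O23 - Service: Name - Owner - Path' into (section, rest, fields)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")]
    return section, rest, fields


def triage(log_text):
    """Return the entries that deserve a closer look, each with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, rest, fields = parsed
        target = fields[-1]          # last field is the file the entry loads
        reasons = []
        if target.lower() == "(no file)":
            reasons.append("orphaned entry: registered CLSID points at a missing file")
        if section == "O23" and len(fields) >= 3 and fields[-2].lower() == "unknown owner":
            reasons.append("service without a known publisher: verify " + target)
        if section == "O4" and rest.startswith("Startup:"):
            name, _, link_target = rest[len("Startup:"):].strip().partition(" = ")
            if any(ord(ch) > 127 for ch in name):
                reasons.append("startup shortcut with a non-ASCII/unreadable name")
            if link_target.strip() == "?":
                reasons.append("startup shortcut whose target could not be resolved")
        if TMP_EXE_RE.search(target):
            reasons.append("temp-named executable registered for persistence")
        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


def report(findings):
    """Render findings as indented text for a forum reply."""
    lines = []
    for f in findings:
        lines.append(f"[{f.section}] {f.entry}")
        for reason in f.reasons:
            lines.append("    -> " + reason)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Orphaned "(no file)" hooks are usually leftovers of a removed component, so the script marks them for review rather than calling them malicious.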
#2
Old 31 October 2008, 15:21
Donor Group

OK. I had the scans running overnight, but SuperAntiSpyware kept running into problems and closing ... I have the MalwareBytes log here:

Malwarebytes' Anti-Malware 1.30
Database versie: 1343
Windows 5.1.2600 Service Pack 3

1/11/2008 9:19:03 AM
mbam-log-2008-11-01 (09-19-03). txt

Scan type: Volledige Scan (C: \ | D: \ | E: \ |)
Objecten gescand: 190626
De verstreken tijd: 3 uur ( 's), 56 minuut (s), 28 seconde (n)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Geïnfecteerde bestanden: 2

Memory Processes Infected:
(Geen kwaadaardige items gedetecteerd)

Memory Modules Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Keys Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Values Infected:
(Geen kwaadaardige items gedetecteerd)

Registry Data Items Infected:
(Geen kwaadaardige items gedetecteerd)

Folders Infected:
(Geen kwaadaardige items gedetecteerd)

Geïnfecteerde bestanden:
C: \ WINDOWS \ system32 \ _005069_.tmp.dll (Trojan.Agent) -> quarantaine en verwijderd.
C: \ WINDOWS \ system32 \ _005101_.tmp.dll (Trojan.Agent) -> quarantaine en verwijderd.
__________________
HI:)
#3
Old 31 October 2008, 15:24
Malware Group

Hi

Continue with the scans you are using, then follow these instructions.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT! Save ComboFix.exe to your desktop
  • Disable your antivirus and antispyware applications, usually via a right-click on the icon in the system tray. Otherwise they may interfere with our tools
  • Double-click ComboFix.exe & follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
** Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When finished, ComboFix will produce a log for you. Please post the C:\ComboFix.txt in your next reply, along with the other logs.
__________________

My System: It's all mine ...

Processor(s):
C2D E6750 2.66
Motherboard:
Gigabyte P35C-DS3R
RAM Memory:
2 x 1Gb Corsair DDR2 XMS2 PC26400
Graphics Card(s):
GeForce 8600GT
Sound Card:
Creative X-Fi
Hard Drive(s):
Maxtor 320GB
Optical Drive(s):
Pioneer DVD-RW
Case / PSU:
Antec 900 / Antec TruPower Trio 650
Cooling:
Various Antec + Zalman 92mm
Network / Internet:
ASUS Router / VirginMedia
Monitor(s):
LGL226WQ 22" Widescreen
Operating System(s):
XP Pro SP3
#4
Old 31 October 2008, 15:52
Donor Group

For some reason, ComboFix closed SuperAntiSpyware while it was scanning, so it is running again now. And avast! doesn't start by default any more ... I open the program, but it still isn't in the system tray thing ... And the program my mother downloaded is set to run at startup ... Log here anyway:

ComboFix 08-10-30.13 - Vip 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00]
Running from: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
* Gemaakt van een nieuw herstelpunt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Warcraft III \ _desktop.ini
C: \ WINDOWS \ system32 \ _005058_.tmp.dll
C: \ WINDOWS \ system32 \ _005059_.tmp.dll
C: \ WINDOWS \ system32 \ _005060_.tmp.dll
C: \ WINDOWS \ system32 \ _005061_.tmp.dll
C: \ WINDOWS \ system32 \ _005068_.tmp.dll
C: \ WINDOWS \ system32 \ _005070_.tmp.dll
C: \ WINDOWS \ system32 \ _005071_.tmp.dll
C: \ WINDOWS \ system32 \ _005072_.tmp.dll
C: \ WINDOWS \ system32 \ _005073_.tmp.dll
C: \ WINDOWS \ system32 \ _005074_.tmp.dll
C: \ WINDOWS \ system32 \ _005075_.tmp.dll
C: \ WINDOWS \ system32 \ _005076_.tmp.dll
C: \ WINDOWS \ system32 \ _005077_.tmp.dll
C: \ WINDOWS \ system32 \ _005078_.tmp.dll
C: \ WINDOWS \ system32 \ _005079_.tmp.dll
C: \ WINDOWS \ system32 \ _005080_.tmp.dll
C: \ WINDOWS \ system32 \ _005081_.tmp.dll
C: \ WINDOWS \ system32 \ _005082_.tmp.dll
C: \ WINDOWS \ system32 \ _005084_.tmp.dll
C: \ WINDOWS \ system32 \ _005087_.tmp.dll
C: \ WINDOWS \ system32 \ _005088_.tmp.dll
C: \ WINDOWS \ system32 \ _005092_.tmp.dll
C: \ WINDOWS \ system32 \ _005093_.tmp.dll
C: \ WINDOWS \ system32 \ _005094_.tmp.dll
C: \ WINDOWS \ system32 \ _005095_.tmp.dll
C: \ WINDOWS \ system32 \ _005096_.tmp.dll
C: \ WINDOWS \ system32 \ _005097_.tmp.dll
C: \ WINDOWS \ system32 \ _005098_.tmp.dll
C: \ WINDOWS \ system32 \ _005099_.tmp.dll
C: \ WINDOWS \ system32 \ _005100_.tmp.dll
C: \ WINDOWS \ system32 \ _005102_.tmp.dll
C: \ WINDOWS \ system32 \ _005103_.tmp.dll
C: \ WINDOWS \ system32 \ _005104_.tmp.dll
C: \ WINDOWS \ system32 \ _005106_.tmp.dll
C: \ WINDOWS \ system32 \ _005107_.tmp.dll
C: \ WINDOWS \ system32 \ _005108_.tmp.dll
C: \ WINDOWS \ system32 \ _005109_.tmp.dll
C: \ WINDOWS \ system32 \ _005110_.tmp.dll
C: \ WINDOWS \ system32 \ _005111_.tmp.dll
C: \ WINDOWS \ system32 \ _005112_.tmp.dll
C: \ WINDOWS \ system32 \ _005115_.tmp.dll
C: \ WINDOWS \ system32 \ _005116_.tmp.dll
C: \ WINDOWS \ system32 \ _005117_.tmp.dll
C: \ WINDOWS \ system32 \ _005118_.tmp.dll
C: \ WINDOWS \ system32 \ _005119_.tmp.dll
C: \ WINDOWS \ system32 \ _005121_.tmp.dll
C: \ WINDOWS \ system32 \ _005122_.tmp.dll
C: \ WINDOWS \ system32 \ _005123_.tmp.dll
C: \ WINDOWS \ system32 \ _005125_.tmp.dll
C: \ WINDOWS \ system32 \ _005128_.tmp.dll
C: \ WINDOWS \ system32 \ _005129_.tmp.dll
C: \ WINDOWS \ system32 \ _005133_.tmp.dll
C: \ WINDOWS \ system32 \ _005134_.tmp.dll
C: \ WINDOWS \ system32 \ _005136_.tmp.dll
C: \ WINDOWS \ system32 \ _005137_.tmp.dll
C: \ WINDOWS \ system32 \ _005139_.tmp.dll
C: \ WINDOWS \ system32 \ _005141_.tmp.dll
C: \ WINDOWS \ system32 \ _005142_.tmp.dll
C: \ WINDOWS \ system32 \ _005143_.tmp.dll
C: \ WINDOWS \ system32 \ _005144_.tmp.dll
C: \ WINDOWS \ system32 \ _005147_.tmp.dll
C: \ WINDOWS \ system32 \ _005148_.tmp.dll
C: \ WINDOWS \ system32 \ _005149_.tmp.dll
C: \ WINDOWS \ system32 \ _005150_.tmp.dll
C: \ WINDOWS \ system32 \ _005151_.tmp.dll
C: \ WINDOWS \ system32 \ _005156_.tmp.dll
C: \ WINDOWS \ system32 \ _005158_.tmp.dll
C: \ WINDOWS \ system32 \ Cache
C: \ WINDOWS \ system32 \ Cfx32.lic
C: \ WINDOWS \ system32 \ cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_NPF


((((((((((((((((((((((((( Bestanden Gemaakt van 2008-09-28 tot 2008-10-31 ))))))))))) ))))))))))))))))))))
.

2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008-10-31 20:33. 2008-10-31 20:33 <DIR> d -------- C: \ Program Files \ Tudou
2008-10-24 12:04. 2008-10-16 03:34 337,408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ NetApi32.DLL
2008-10-15 20:43. 2008-09-15 23:12 1846400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-15 20:43. 2008-09-08 21:41 333,824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys
2008-10-15 20:42. 2008-08-14 21:11 2,189,184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008-10-15 20:42. 2008-08-14 21:09 2145280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-15 20:42. 2008-08-14 20:33 2,023,936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe
2008-09-18 19:05. 2008-10-31 20:52 <DIR> d -------- C: \ Program Files \ Avast4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-22 05:10 38,496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-10-22 05:10 15,504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead
2008-09-08 10:41 333,824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]

C: \ Documents and Settings \ Vip \ Start Menu \ Programs \ Startup \
' "Ôîú ÓëÖμôû.lnk - C: \ Program Files \ Tudou \ ú ÓëTudou \ TudouVa.exe [2008-07-06 3248128]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ valuta entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Opstarten

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ eMule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ LimeWire Op Startup.lnk]
backup = C: \ WINDOWS \ PSS \ LimeWire Op Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ LimeWire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ PowerReg Scheduler V3.exe]
backup = C: \ WINDOWS \ PSS \ PowerReg Scheduler V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ Registratie Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ PSS \ Registratie Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Menu Start ^ Programma's ^ Opstarten ^ WordWeb.lnk]
backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Boss Key
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LogonStudio
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SWG
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ DAEMON Tools]
- a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LanguageShortcut]
- a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ afstandsbediening]
- a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Steam]
- a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent]
- a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent]
- a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ C-Media Mixer]
- a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ services]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"PML Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"OSE" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"<Geen NAME>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" =
"C: \ \ Program Files \ \ Tudou \ \ ÉËÙTudou \ \ TudouVa.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: *: Disabled: @ Xpsp2res.dll, -22009
"15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP
"15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP
"6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP
"6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP

R1 aswSP; avast! Self Protection; C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT, C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT, C:\WINDOWS\system32\drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver, C:\WINDOWS\system32\drivers\motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService, C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev; Motorola Inc USB Device, C:\WINDOWS\system32\drivers\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\drivers\wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042, C:\WINDOWS\system32\XDva042.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
ShellIconOverlayIdentifiers-hex(2): 7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file)
ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)
MSConfigStartUp-Comodo Firewall Pro - C:\Program Files\Comodo\Firewall\cfp.exe
MSConfigStartUp-EzPrint - C:\Program Files\Lexmark 4300 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://hk.yahoo.com/
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:42:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-01 9:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 22:46:53

Pre-Run: 17476198400 bytes free
Post-Run: 17429176320 bytes free

WindowsXP-KB310994-SP2-Pro-Bootdisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptIn /fastdetect

335 --- EOF --- 2008-10-24 09:01:23
___________________________________________________________________________________________________

EDIT: I was clicking around and found an icon that looked like an uninstaller. I clicked it and it started uninstalling (or at least I hope that is what it was doing), because it was all in strange symbols.
__________________
HI:)
  #5  
Old 31 October 2008, 18:39
Donor Group
 
Default Mom downloaded something

SuperAntiSpyware log. I had to do a quick scan, because it always came up with an error message when I ran the full scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2008 at 11:45

Application Version : 4.21.1004

Core Rules Database Version : 3618
Trace Rules Database Version: 1603

Scan type       : Quick Scan
Total Scan Time : 00:35:28

Memory items scanned      : 490
Memory threats detected   : 0
Registry items scanned    : 436
Registry threats detected : 0
File items scanned        : 33788
File threats detected     : 2

Trojan.Vundo-Variant/F
	C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
	C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL
__________________
HI:)
  #6  
Old 1 November 2008, 10:16
Malware Group
 
Default Mom downloaded something

Hello again

Please don't click on anything or run any more scans unless I advise you to. It only makes things confusing for me - I see an item in one log, but it has vanished from the next, and so on - thanks.

I suspect this is the problem

C:\Program Files\Tudou

unless your mother is a fan of the Chinese version of YouTube.

I'd like to take a look at these two files found by SAS.


Go to: VirusTotal
  • In the middle of the page you will find a "Browse" button.



    Click the "Browse" button and navigate to this file in RED:

    C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
  • Click "Open".
  • Click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once it has been scanned, copy and paste the results into your next reply.
Repeat the above for this file as well.

C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL




Combofix
  • Close all open browsers.
  • Open Notepad and copy and paste the text in the box below into it:
Code:
  Folder::
  C:\Program Files\Tudou
Look at the picture below as an example



Save it as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When it has finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NOTE! Anyone else thinking of using the above script does so at their own risk - you could end up reinstalling Windows!


Please post the log C:\ComboFix.txt, the VirusTotal results and a fresh HijackThis log for further review.
  #7  
Old 1 November 2008, 16:53
Donor Group
 
Default Mom downloaded something

Yes, my mother watches some Chinese videos... I couldn't find the files while browsing in VirusTotal. I even went looking for them in Explorer, and couldn't find either of them. Here are the logs:
ComboFix:

ComboFix 08-11-01.01 - Vip 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [GMT 11:00]
Running from: C:\Documents and Settings\Vip\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vip\Desktop\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Tudou

.
(((((((((((((((((((((((((   Files Created from 2008-10-01 to 2008-11-01   )))))))))))))))))))))))))))))))
.

2008-11-01 09:55 . 2008-11-01 09:55 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\Uniblue
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\SUPERAntiSpyware.com
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\Malwarebytes
2008-10-24 12:04 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\NetApi32.DLL
2008-10-15 20:43 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\Win32k.sys
2008-10-15 20:43 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\Srv.sys
2008-10-15 20:42 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:42 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlmp.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlpa.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\Ntkrpamp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-10-31 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 09:52 --------- d-----w C:\Program Files\Avast4
2008-10-31 09:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 06:46 --------- d-----w C:\Program Files\PPStream
2008-10-09 03:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-09 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\Vip\Application Data\Ahead
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\Win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\Srv.sys
2008-08-28 07:46 74,752 ----a-w C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w C:\WINDOWS\system32\win32spl.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\Wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\Ntkrnlpa.exe
2008-07-29 12:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\Index.dat
.

(((((((((((((((((((((((((((((   Snapshot@2008-11-01_ 9.46.14.14   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 22:41:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
+ 2008-11-01 23:26:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast"="C:\Program Files\Avast4\ashDisp.exe" [2008-07-20 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Policies\Explorer]
"NoAutoUpdate"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-10-09 14:31 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\PSS\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\PSS\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\PSS\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\Azureus Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
backup=C:\WINDOWS\PSS\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\BitTorrent Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^eMule Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\eMule Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\PSS\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\LimeWire Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\PSS\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=C:\WINDOWS\PSS\Registration Tom Clancy's Rainbow SixStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^SpeedFan.lnk]
backup=C:\WINDOWS\PSS\SpeedFan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\PSS\WordWeb.lnkStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Boss Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\CmCardRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\EasyTuneVPro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\RecordPadRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SpeedOptimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SWG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-04-21 18:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 12:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-29 00:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RemoteControl]
--a------ 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 09:39 1271032 C:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2008-01-29 09:46 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-02 05:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 06:42 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 17:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"RichVideo"=2 (0x2)
"BthServ"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"VideoAcceleratorEngine"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"PML Driver HPZ12"=3 (0x3)
"CPUCooLServer"=2 (0x2)
"usnjsvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"cmdAgent"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"OSE"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"<NO NAME>"= "C:\\Program Files\\PPStream\\PPStream.exe" "C:\\Program Files\\PPStream\\PPStream.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\DeusEx\\System\\DeusEx.exe"=

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"15394:TCP"= 15394:TCP:*:Disabled:BitComet 15394 TCP
"15394:UDP"= 15394:UDP:*:Disabled:BitComet 15394 UDP
"6555:TCP"= 6555:TCP:*:Disabled:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:*:Disabled:BitComet 6555 UDP

R1 aswSP; avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 atitray; atitray, C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk, C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT, C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT, C:\WINDOWS\system32\drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver, C:\WINDOWS\system32\drivers\motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService, C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev; Motorola Inc USB Device, C:\WINDOWS\system32\drivers\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\drivers\wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042, C:\WINDOWS\system32\XDva042.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:39:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-02 10:41:44
ComboFix-quarantined-files.txt 2008-11-01 23:41:32
ComboFix2.txt 2008-10-31 22:47:05

Pre-Run: 17222828032 bytes free
Post-Run: 17200967680 bytes free

233 --- EOF --- 2008-10-24 09:01:23
___________________________________________________________________________

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:19, on 2/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Vip\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast] C:\Program Files\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ?QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 6734 bytes
__________________
HI:)
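The helper is reading the HijackThis log above by eye, looking for registrations whose file is gone and for services HijackThis cannot attribute to a publisher. As an added example (not code from the thread, from either poster, or from HijackThis itself), this is a small parser for the O2/O4/O20/O23 line formats that does the same first-pass triage; the sample lines are copied from the log above with the extraction's stray spaces around backslashes removed.

```python
"""Triage helper for HijackThis v2 log entries.

Added example for this thread; not part of the forum post or of HijackThis.
It parses the O2 (BHO), O4 (Run key), O20 (Winlogon Notify) and O23 (Service)
line formats and flags what a malware-removal helper checks first:
registrations whose backing file is missing ("(no file)", the entries ComboFix
lists under ORPHANS REMOVED) and services with no identified publisher.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis log in this thread, normalised
# (the page extraction had inserted spaces around every backslash).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast] C:\Program Files\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""

NO_FILE = "(no file)"
ENTRY_RE = re.compile(r"^(?P<kind>[RFOND]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str                      # HijackThis section, e.g. "O2" or "O23"
    name: str                      # display name or Run value name
    path: Optional[str]            # backing file; None when the log says "(no file)"
    clsid: Optional[str] = None    # O2 only
    owner: Optional[str] = None    # O23 only
    flags: List[str] = field(default_factory=list)


def _split_tail(text: str, parts: int) -> List[str]:
    """Split on ' - ' from the right, so names that contain ' - ' survive."""
    fields = [p.strip() for p in text.rsplit(" - ", parts - 1)]
    if len(fields) != parts:
        raise ValueError(f"unexpected field count in: {text!r}")
    return fields


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the supported section types, None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O2" and body.startswith("BHO:"):
        name, clsid, target = _split_tail(body[len("BHO:"):], 3)
        return Entry(kind, name, None if target == NO_FILE else target, clsid=clsid)
    if kind == "O4":
        m4 = O4_RE.match(body)
        if m4:
            # Drop the trailing "(User '...')" annotation; keep only the image path
            # when the command is quoted (arguments follow the closing quote).
            cmd = re.sub(r"\s*\(User '[^']*'\)$", "", m4.group("cmd")).strip()
            if cmd.startswith('"'):
                cmd = cmd[1:].split('"', 1)[0]
            return Entry(kind, m4.group("name"), cmd or None)
    if kind == "O20" and body.startswith("Winlogon Notify:"):
        name, target = _split_tail(body[len("Winlogon Notify:"):], 2)
        return Entry(kind, name, None if target == NO_FILE else target)
    if kind == "O23" and body.startswith("Service:"):
        name, owner, target = _split_tail(body[len("Service:"):], 3)
        return Entry(kind, name, None if target == NO_FILE else target, owner=owner)
    return None  # R0/R1/O8/O9/O16 and other sections are not handled here


def flag(entry: Entry) -> Entry:
    """Attach triage flags: orphaned registration, unidentified service owner."""
    if entry.path is None:
        entry.flags.append("no-file")
    if entry.owner == "Unknown owner":
        entry.flags.append("unknown-owner")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [flag(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> List[Entry]:
    """Entries a helper would look at first."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<5}{e.name:<22}{','.join(e.flags):<15}{e.path or NO_FILE}")
```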
  #8  
Old 2 November 2008, 05:29
Malware Group
 
Default Mom downloaded something

Hi

Those two files were not found by ComboFix, so I don't really expect them to be there.

How is the system running now?

Let's run an online scan.

Run an online scan with Panda ActiveScan
  • Click on Scan your PC now
  • A "pop up" window, or a new tab, will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address and a password.
  • Select "I don't want to receive any kind of information". (Unless you want to receive this information)
  • Click on Send
  • Confirm the registration, and continue by entering your username and password, then click on Enter
  • Select Full Scan, then click on Scan Now
  • Wait for the components to be loaded and installed. Do not close this window or navigate to another page while it is downloading. You can keep using the internet by opening another window in your browser.
  • If it finds any malware it is able to disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export to
  • Export the log and save it to your desktop.
  • Please attach the contents of this log to your reply, along with a new HijackThis log.
* Disable the real-time scanner of your existing antivirus program while running the online scan.
  #9  
Old 3 November 2008, 03:07
Donor Group
 
Default Mom downloaded something

Quote:
Originally Posted by Glasgow
  • Please attach the contents of this log to your reply, along with a new HijackThis log.
Well, you did say attach, in red, so I thought I'd attach. Not sure what the difference is between attaching and copy/pasting, apart from a longer post... The Panda ActiveScan found some things, but I could only disinfect one, the worm, because for the others it said I have to buy.
Attached Files
File Type: txt ActiveScan.txt (12.1 KB, 3 views)
File Type: txt hijackthis.txt (6.6 KB, 2 views)
__________________
HI:)
  #10  
Old 5 November 2008, 07:45
Malware Group
 
Default Mom downloaded something

Hello again

Apologies for not getting back to you sooner - real life is rather busy at the moment.

How is the system running now?


The only item is PowerRegScheduler - you can remove it if you wish.