TrojanSPM/LX

Følg denne guide:
http://www.eksperten.dk/guide/1232

http://www.helgec.dk/virus_etc.html

Helge, det er ikke ret smart at installere AVG, hvis der er et andet antivirusprogram på maskinen.

Men vi er helt enige med Malwarebytes, den burde også snuppe denne infektion.

(Kom så med den Redigérmulighed!!!)

Følg fromsej

Ja det er meget godt, ligner svar inden i har laest hvad jeg skriver ? hvis jeg skriver jeg ikke kan starte programmer op hvordan vil i saa havde jeg installere og starter de programmer op i foreslaar ?
Kan desuden heller ikke starte op hvor jeg kan afinstallere programmer fra
I mellemtiden er housecall (online scanner) faerdig fandt lidt spyware den fjernede men problemet er der stadig.
Og ja er klar over computeren maaske ikke kan "redes"
Men nu hvor i foreslaar installere og koere programmer, har i saa ogsaa en ide til hvordan ? naar windows ikke vil lad mig ?

"Helge, det er ikke ret smart at installere AVG, hvis der er et andet antivirusprogram på maskinen. "  Netop og derfor skriver jeg også

"Hvis du kører XP, klik på Start -> Kontrolpanel -> Tilføj / Fjern programmer -> marker` og fjern dit nuværende antivirusprogram.

Hvis du kører Vista, klik på Start ->  Kontrolpanel -> Brugerkonti -> slå brugerkontistyring fra -> genstart ->  klik på Start -> Kontrolpanel -> Programmer og  funktioner -> marker` og fjern dit nuværende antivirusprogram. "

"Men nu hvor i foreslaar installere og koere programmer, har i saa ogsaa en ide til hvordan ? naar windows ikke vil lad mig ? Bliver du også afvist når du vil installere fra fejlsikret ? er det en bærbar eller stationær

Det er en stationaer
Og den vil ikke lade mig starte i fejlsikret :/ naar jeg trykker/holder F8 under opstart (har proevet begge) starter den bare normalt, den vil heller ikke lade mig aabne msconfig saa jeg kan "tvinge" den til at starte i fejlsikret naeste gang

Har du så ikke mulighed for at koble disken til som slave eller evt exter disk på en bærbar og herfra køre malware bytes

Hvis du bruger slave / xtern metoden skal du vælge "Kør et fuldstændigt systemscan" og derefter vælge den inficerede disk - processen kan være meget langvarig

Ellers se her:
http://www.eksperten.dk/guide/1296

Helge, det har jeg så overset, beklager.
Men jeg vil nu anbefale at du udskifter AVG med Avast eller Avira.

Vi har ingen ekstra harddiske (hvis det du mener med koble som slave ?) vi har kun 2 stationaere (denne jeg sidder ved pt og den infektede) og saa en baerbar af aeldre dato.

Pt. er jeg ved at vaere der hvor jeg tror det beste er at proeve at redde de informationer der kan og saa faa den formateret :/

Jamen hvis i har 2 stationære så skal du blot sætte den inficerede disk i som SLAVE på den raske computer hvis det altså ikke er en SATA disk så skal du blot hægte den på

Det er beskrevet i den guide jeg linker til i indlæg 12.

Hvis du bruger den LinuxCD til at redde hvad reddes skal, kan du så ikke lige tage en kopi af C:\boot.ini også, kopier så teksten herind.
Det er af ren nysgerrighed fra min side af.

Kaeresten er paa arbejde i dag, hun har ogsaa okay forstand paa det selv, havde bare lovet at kigge paa det mens hun var vaek, saa bliver hende der tager den endelig beslutning naar hun kommer hjem.

Nu slukkede computeren lige ned af sig selv og gav mig en blaa skaerm (er sket en gang foer) skrev en masse jeg ikke kunne naa at laese inden den sluttede, men stod bla. noget med ntfs.sys (mener jeg)

Men i skal havde tak for all den hjaelp i har givet indtil videre

Saa fik jeg tvunget computeren i fejlsikrettilstand
og derfra koert Ccleaner, malwarebytes, combogix og hijackthis

her er logfilerne fra de 3 sidste:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

19-7-2009 13:09:10
mbam-log-2009-07-19 (13-09-10).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 173694
Time elapsed: 1 hour(s), 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15696714 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Michelle\Menu Start\Programma's\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\All Users\Application Data\15696714\15696714.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\5_odb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\avto.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\avto2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\avto3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\avto4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\g.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\i.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\j.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\teste3_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\teste4_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP972\A0229379.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP976\A0229442.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP977\A0229456.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP977\A0229457.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235462.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235463.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235464.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235465.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235466.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6f540cdb-4b16-4080-b90e-0012c25c2184}\RP984\A0235467.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\menu start\programma's\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\documents and settings\Michelle\bureaublad\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\4_pinnew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\6_ldr3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Michelle\local settings\Temp\q9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alrsvcj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

--------

ComboFix 09-07-14.08 - Administrator 19-07-2009 13:41.2.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.31.1043.18.2047.1773 [GMT 2:00]
Gestart vanuit: d:\ny\ComboFix.exe
gebruikte Opdracht switches :: d:\ny\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

((((((((((((((((((((  Bestanden Gemaakt van 2009-06-19 to 2009-07-19  ))))))))))))))))))))))))))))))
.

2009-07-19 11:13 . 2009-07-19 11:13    --------    d-----w-    c:\program files\CCleaner
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\documents and

settings\Administrator\Application Data\Malwarebytes
2009-07-19 10:06 . 2009-07-13 11:36    38160    ----a-w-   

c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Malwarebytes
2009-07-19 10:06 . 2009-07-13 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\program files\Malwarebytes'

Anti-Malware
2009-07-19 08:03 . 2008-07-02 15:34    102664    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2009-07-18 22:03 . 2009-07-18 22:03    --------    d-----w-    c:\documents and settings\All

Users\Application Data\CA
2009-07-18 11:38 . 2009-07-18 11:38    109    --sha-w-    c:\windows\system32\1290018971.dat
2009-07-18 11:37 . 2009-07-19 11:09    --------    d-----w-    c:\documents and settings\All

Users\Application Data\15696714
2009-07-18 02:11 . 2009-07-18 02:11    --------    d-----w-    c:\documents and settings\Michelle\Local

Settings\Application Data\Temp
2009-07-14 22:24 . 2009-07-14 22:24    --------    d---a-w-    c:\program files\IncaBall Screen Saver
2009-07-14 22:24 . 2009-07-14 22:24    237568    ----a-w-    c:\windows\IncaBallCave.scr
2009-07-13 17:06 . 2009-07-14 09:09    --------    d-----w-    c:\program files\GamesBar
2009-07-13 17:06 . 2009-07-14 09:09    --------    d-----w-    c:\program files\Gamenext
2009-07-13 17:06 . 2009-07-13 17:06    --------    d-----w-    c:\program files\Oberon Media
2009-07-13 17:06 . 2009-07-13 17:06    --------    d-----w-    c:\program files\Common Files\Oberon

Media
2009-07-12 20:22 . 2009-07-12 21:17    --------    d-----w-    c:\program files\Inca Ball
2009-07-09 17:53 . 2009-07-09 19:09    --------    d-----w-    c:\program files\Playrix Games
2009-07-07 11:22 . 2009-07-15 11:01    --------    d-----w-    c:\documents and settings\Michelle\Local

Settings\Application Data\SecondLife
2009-07-01 06:56 . 2009-07-17 15:29    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-06-30 14:22 . 2009-06-30 14:22    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Motive
2009-06-30 12:22 . 2009-06-30 12:22    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\Motive
2009-06-30 12:21 . 2009-06-30 14:22    --------    d-----w-    c:\program files\Thuishelp
2009-06-20 20:23 . 2009-06-20 20:23    --------    d-----w-    c:\documents and

settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 12:27 . 2007-05-09 16:11    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\uTorrent
2009-07-14 05:54 . 2009-02-01 00:32    --------    d---a-w-    c:\documents and settings\All

Users\Application Data\TEMP
2009-07-13 17:20 . 2008-10-27 17:27    97    ----a-w-    c:\windows\popcinfo.dat
2009-07-09 22:51 . 2007-06-14 12:41    --------    d-----w-    c:\program files\Omerta Script
2009-07-09 19:13 . 2008-10-11 23:15    --------    d-----w-    c:\program files\ReflexiveArcade
2009-07-07 11:22 . 2007-04-23 21:12    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\SecondLife
2009-06-24 00:25 . 2009-05-28 10:55    --------    d-----w-    c:\program files\Pidgin
2009-06-24 00:25 . 2009-05-28 10:56    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\.purple
2009-06-22 20:34 . 2009-05-28 10:57    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\gtk-2.0
2009-06-18 20:53 . 2009-06-18 20:53    2141    ----a-w-    c:\documents and

settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-06-17 22:44 . 2007-05-20 10:30    --------    d-----w-    c:\program files\Google
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E0

8B232864A94D2864.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D611

5D4ADEE5E.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115

D4ADEE5E.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A75

6B57CAB4E6A8B.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756

B57CAB4E6A8B.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and

settings\Michelle\Application

Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-17 22:44 . 2008-08-18 14:03    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Google Updater
2009-06-14 22:40 . 2008-06-23 13:45    --------    d-----w-    c:\program files\DivX
2009-06-14 22:40 . 2008-03-12 12:53    --------    d-----w-    c:\program files\Digital Image Tool 1.1
2009-06-13 19:54 . 2009-06-13 19:53    --------    d-----w-    c:\program files\QuickTime
2009-06-10 22:14 . 2009-06-10 14:30    --------    d-----w-    c:\program files\aMSN
2009-06-10 08:41 . 2009-06-10 08:41    --------    d-----w-    c:\program files\MSBuild
2009-06-09 13:21 . 2007-05-20 10:32    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Skype
2009-06-09 09:38 . 2009-06-09 09:38    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-06-09 09:38 . 2009-06-09 09:38    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\skypePM
2009-06-07 21:19 . 2009-05-27 19:30    --------    d-----w-    c:\program files\Microsoft
2009-06-07 21:19 . 2009-06-07 21:19    --------    d-----w-    c:\program files\Windows Live SkyDrive
2009-06-05 00:06 . 2009-06-05 00:06    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2009-06-05 00:05 . 2008-02-13 12:49    --------    d-----w-    c:\program files\Common Files\Adobe
2009-06-01 10:44 . 2009-06-01 10:44    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-06-01 04:36 . 2009-06-01 04:36    2165    ----a-w-    c:\documents and

settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-05-29 17:30 . 2009-05-29 17:30    2145    ----a-w-    c:\documents and

settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\acccore
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All

Users\Application Data\AOL OCP
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All

Users\Application Data\AOL
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\program files\Viewpoint
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Viewpoint
2009-05-28 15:09 . 2009-05-28 15:09    --------    d-----w-    c:\program files\Common Files\AOL
2009-05-28 12:42 . 2009-05-28 12:42    --------    d-----w-    c:\program files\Reference Assemblies
2009-05-28 10:57 . 2009-05-28 10:57    2099    ----a-w-    c:\documents and

settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-05-28 10:55 . 2009-05-28 10:55    --------    d-----w-    c:\program files\Common Files\GTK
2009-05-27 22:29 . 2008-05-03 22:22    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\Zylom
2009-05-27 19:31 . 2009-05-27 19:31    --------    d-----w-    c:\program files\Windows Live
2009-05-27 14:30 . 2004-08-04 12:00    86370    ----a-w-    c:\windows\system32\perfc013.dat
2009-05-27 14:30 . 2004-08-04 12:00    499244    ----a-w-    c:\windows\system32\perfh013.dat
2009-05-27 14:21 . 2009-05-27 14:21    --------    d-----w-    c:\program files\Common Files\Windows

Live
2009-05-27 13:55 . 2009-05-27 13:55    --------    d-----w-    c:\program files\VS Revo Group
2009-05-27 11:49 . 2009-05-27 11:49    --------    d-----w-    c:\program files\Microsoft SQL Server

Compact Edition
2009-05-27 10:09 . 2008-07-02 15:28    --------    d-----w-    c:\program files\Sun
2009-05-27 10:06 . 2009-01-31 20:29    --------    d-----w-    c:\program files\Panda Security
2009-05-27 10:02 . 2008-12-30 16:55    --------    d-----w-    c:\program files\Nufsoft
2009-05-25 22:17 . 2009-05-25 22:16    --------    d-----w-    c:\program files\SecondLife
2009-05-25 14:32 . 2009-05-25 14:32    --------    d-----w-    c:\documents and

settings\Michelle\Application Data\DivX
2009-05-25 13:45 . 2009-05-25 13:45    1629024    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-25 13:45 . 2009-05-25 13:46    64160    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-05-25 13:45 . 2009-05-25 13:45    73064    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-05-25 13:45 . 2009-05-25 13:45    64160    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-25 13:45 . 2009-05-25 13:45    40288    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-25 13:45 . 2009-05-25 13:45    212848    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-25 13:45 . 2009-05-25 13:45    632680    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-25 13:45 . 2009-05-25 13:45    539512    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-25 13:45 . 2009-05-25 13:45    552808    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-25 13:45 . 2009-05-25 13:45    2324808    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-25 13:45 . 2009-05-25 13:45    626000    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-25 13:45 . 2009-05-25 13:45    953168    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-25 13:45 . 2009-05-25 13:45    516440    ----a-w-    c:\documents and settings\All

Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-25 13:44 . 2009-05-25 13:44    --------    dc-h--w-    c:\documents and settings\All

Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-25 13:44 . 2009-01-26 11:44    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Lavasoft
2009-05-24 23:35 . 2009-05-24 23:35    --------    d-----w-    c:\program files\ESET
2009-05-24 23:35 . 2009-05-24 23:35    --------    d-----w-    c:\documents and settings\All

Users\Application Data\ESET
2009-05-24 17:16 . 2009-05-24 17:16    --------    d-----w-    c:\program files\Common Files\DivX

Shared
2009-05-24 14:00 . 2009-05-24 14:00    --------    d-----w-    c:\program files\Alwil Software
2009-05-24 13:51 . 2008-10-11 23:18    --------    d-----w-    c:\program files\BoontyGames
2009-05-24 13:49 . 2009-05-21 00:07    --------    d-----w-    c:\program files\GameHouse
2009-05-24 10:37 . 2007-04-23 20:03    --------    d--h--w-    c:\program files\InstallShield Installation

Information
2009-05-21 00:03 . 2009-05-21 00:03    --------    d-----w-    c:\program files\Trymedia
2009-05-20 22:46 . 2009-05-20 22:46    --------    d-----w-    c:\documents and settings\All

Users\Application Data\Trymedia
2009-05-07 15:34 . 2004-08-04 12:00    347136    ----a-w-    c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2004-08-04 12:00    827392    ----a-w-    c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2009-05-24 16:48    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-13 17:25 . 2009-05-27 13:17    134648    ----a-w-    c:\program files\mozilla

firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\program files\mozilla

firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\program files\mozilla

firefox\plugins\ssldivx.dll
2007-08-27 19:44 . 2007-08-27 19:44    23    --sha-w-    c:\windows\system32\deeaebcff_d.dll
.

------- Sigcheck -------

• 2006-04-20 12:18    360576    B2220C618B42A2212A59D91EBD6FC4B4   
  

c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

• 2007-10-30 16:53    360832    64798ECFA43D78C7178375FCDD16D8C8   
  

c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44    360960    744E57C99232201AE98C49168B918F48   

c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51    361600    9AEFA14BD6B182D61E3119FA5F436D3D   

c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59    361600    AD978A1B783B5719720CFF204B666C8E   

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

• 2008-04-13 19:20    361344    ACCF5A9A1FFAA490F33DBA1C632B95E1   
  

c:\windows\ServicePackFiles\i386\tcpip.sys

• 2008-06-20 11:51    361600    9425B72F40257B45D45D24773273DAD0   
  

c:\windows\system32\dllcache\tcpip.sys

• 2008-06-20 11:51    361600    9425B72F40257B45D45D24773273DAD0   
  

c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((  Reg Opstartpunten  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-25 516440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27

35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10    72208    ----a-w-    c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware

Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Omerta Script\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25-5-2009 15:46 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23-4-2007 21:44 11264]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6-2-2009 14:23 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6-2-2009 14:24 93336]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program

files\SpywareDetector\SDManager.sys [?]
S2 AppToService_TuDienHND;AppToService

TuDienHND;c:\vietnam\TuDienHND\3rdparty\basta\AppToService.exe [23-11-2007 18:23 45056]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 14:23 727720]
S2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys --> c:\windows\system32\DRIVERS\fssfltr_tdi.sys

[?]
S2 gupdate1c9ef9d1ccfed64;Google Updateservice (gupdate1c9ef9d1ccfed64);c:\program

files\Google\Update\GoogleUpdate.exe [18-6-2009 0:44 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program

files\Lavasoft\Ad-Aware\AAWService.exe [18-1-2009 23:34 953168]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program

files\Windows Live\Family Safety\fsssvc.exe [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program

files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [23-4-2007 22:33 14095]
S3 ovt530;TM507A USB Camera;c:\windows\system32\drivers\ov530vid.sys [11-7-2007 0:30 161792]
.
Inhoud van de 'Gedeelde Taken' map

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:45]

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-28 22:43]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 22:43]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 22:43]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.cooxer.com/
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 13:51
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppToService_TuDienHND]
"ImagePath"="c:\vietnam\TuDienHND\3rdparty\basta\AppToService.exe /sys

\"C:/vietnam/TuDienHND/3rdparty/jre/bin/jrew.exe\" /Arguments:\"-mx64m -cp vietdict.jar

vietdict.server.vietdictserver\" /Directory:\"c:/vietnam/tudienhnd\" /Name:\"tudienhnd\" /Startup:A"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Voltooingstijd: 2009-07-19 13:56 - machine werd herstart
ComboFix-quarantined-files.txt  2009-07-19 11:56
ComboFix2.txt  2009-07-19 11:37

Pre-Run: 33.357.324.288 bytes beschikbaar
Post-Run: 33.325.600.768 bytes beschikbaar

223    --- E O F ---    2009-07-18 20:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:53, on 19-7-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192383790500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppToService TuDienHND (AppToService_TuDienHND) - Basta Computing  - C:\vietnam\TuDienHND\3rdparty\basta\AppToService.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate1c9ef9d1ccfed64) (gupdate1c9ef9d1ccfed64) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 7647 bytes

Afinstaller uTorrent i Tilføj/fjern programmer, drop fildeling.
Lad Spywaredetector gå samme vej, det er ikke helt fint i kanten.
http://www.emsisoft.com/en/malware/?Adware.Win32.SpywareDetector
---------------------------------------
Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Åbn mappen med Combofix, højreklik, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Folder::
c:\Program Files\utorrent
C:\documents and settings\Michelle\Application Data\uTorrent
c:\program files\SpywareDetector
Driver::
SDManager

Fcopy::
c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys|c:\windows\system32\dllcache\tcpip.sys

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Her er den nye log fra combofix:

ComboFix 09-07-14.08 - Administrator 19-07-2009 14:38.3.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.31.1043.18.2047.1767 [GMT 2:00]
Gestart vanuit: d:\ny\ComboFix.exe
gebruikte Opdracht switches :: d:\ny\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

((((((((((((((((((((((((((((((((((  Andere Verwijderingen  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\Program Files\utorrent
c:\\Program Files\utorrent\utorrent.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SDManager


((((((((((((((((((((  Bestanden Gemaakt van 2009-06-19 to 2009-07-19  ))))))))))))))))))))))))))))))
.

2009-07-19 11:15 . 2009-07-19 12:36    --------    d--h--r-    c:\documents and settings\Administrator\Onlangs geopend
2009-07-19 11:13 . 2009-07-19 11:13    --------    d-----w-    c:\program files\CCleaner
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-19 10:06 . 2009-07-13 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-19 10:06 . 2009-07-13 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-19 10:06 . 2009-07-19 10:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-07-19 08:03 . 2008-07-02 15:34    102664    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2009-07-18 22:03 . 2009-07-18 22:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\CA
2009-07-18 11:38 . 2009-07-18 11:38    109    --sha-w-    c:\windows\system32\1290018971.dat
2009-07-18 11:37 . 2009-07-19 11:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\15696714
2009-07-18 02:11 . 2009-07-18 02:11    --------    d-----w-    c:\documents and settings\Michelle\Local Settings\Application Data\Temp
2009-07-14 22:24 . 2009-07-14 22:24    --------    d---a-w-    c:\program files\IncaBall Screen Saver
2009-07-14 22:24 . 2009-07-14 22:24    237568    ----a-w-    c:\windows\IncaBallCave.scr
2009-07-13 17:06 . 2009-07-14 09:09    --------    d-----w-    c:\program files\GamesBar
2009-07-13 17:06 . 2009-07-14 09:09    --------    d-----w-    c:\program files\Gamenext
2009-07-13 17:06 . 2009-07-13 17:06    --------    d-----w-    c:\program files\Oberon Media
2009-07-13 17:06 . 2009-07-13 17:06    --------    d-----w-    c:\program files\Common Files\Oberon Media
2009-07-12 20:22 . 2009-07-12 21:17    --------    d-----w-    c:\program files\Inca Ball
2009-07-09 17:53 . 2009-07-09 19:09    --------    d-----w-    c:\program files\Playrix Games
2009-07-07 11:22 . 2009-07-15 11:01    --------    d-----w-    c:\documents and settings\Michelle\Local Settings\Application Data\SecondLife
2009-07-01 06:56 . 2009-07-17 15:29    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-06-30 14:22 . 2009-06-30 14:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\Motive
2009-06-30 12:22 . 2009-06-30 12:22    --------    d-----w-    c:\documents and settings\Michelle\Application Data\Motive
2009-06-30 12:21 . 2009-06-30 14:22    --------    d-----w-    c:\program files\Thuishelp
2009-06-20 20:23 . 2009-06-20 20:23    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 12:27 . 2007-05-09 16:11    --------    d-----w-    c:\documents and settings\Michelle\Application Data\uTorrent
2009-07-14 05:54 . 2009-02-01 00:32    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 17:20 . 2008-10-27 17:27    97    ----a-w-    c:\windows\popcinfo.dat
2009-07-09 22:51 . 2007-06-14 12:41    --------    d-----w-    c:\program files\Omerta Script
2009-07-09 19:13 . 2008-10-11 23:15    --------    d-----w-    c:\program files\ReflexiveArcade
2009-07-07 11:22 . 2007-04-23 21:12    --------    d-----w-    c:\documents and settings\Michelle\Application Data\SecondLife
2009-06-24 00:25 . 2009-05-28 10:55    --------    d-----w-    c:\program files\Pidgin
2009-06-24 00:25 . 2009-05-28 10:56    --------    d-----w-    c:\documents and settings\Michelle\Application Data\.purple
2009-06-22 20:34 . 2009-05-28 10:57    --------    d-----w-    c:\documents and settings\Michelle\Application Data\gtk-2.0
2009-06-18 20:53 . 2009-06-18 20:53    2141    ----a-w-    c:\documents and settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-06-17 22:44 . 2007-05-20 10:30    --------    d-----w-    c:\program files\Google
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-17 22:44 . 2009-06-17 22:44    25214    ----a-r-    c:\documents and settings\Michelle\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-17 22:44 . 2008-08-18 14:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Google Updater
2009-06-14 22:40 . 2008-06-23 13:45    --------    d-----w-    c:\program files\DivX
2009-06-14 22:40 . 2008-03-12 12:53    --------    d-----w-    c:\program files\Digital Image Tool 1.1
2009-06-13 19:54 . 2009-06-13 19:53    --------    d-----w-    c:\program files\QuickTime
2009-06-10 22:14 . 2009-06-10 14:30    --------    d-----w-    c:\program files\aMSN
2009-06-10 08:41 . 2009-06-10 08:41    --------    d-----w-    c:\program files\MSBuild
2009-06-09 13:21 . 2007-05-20 10:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-06-09 09:38 . 2009-06-09 09:38    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-06-09 09:38 . 2009-06-09 09:38    --------    d-----w-    c:\documents and settings\Michelle\Application Data\skypePM
2009-06-07 21:19 . 2009-05-27 19:30    --------    d-----w-    c:\program files\Microsoft
2009-06-07 21:19 . 2009-06-07 21:19    --------    d-----w-    c:\program files\Windows Live SkyDrive
2009-06-05 00:06 . 2009-06-05 00:06    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2009-06-05 00:05 . 2008-02-13 12:49    --------    d-----w-    c:\program files\Common Files\Adobe
2009-06-01 10:44 . 2009-06-01 10:44    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-06-01 04:36 . 2009-06-01 04:36    2165    ----a-w-    c:\documents and settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-05-29 17:30 . 2009-05-29 17:30    2145    ----a-w-    c:\documents and settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\Michelle\Application Data\acccore
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\AOL
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\program files\Viewpoint
2009-05-28 15:10 . 2009-05-28 15:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-28 15:09 . 2009-05-28 15:09    --------    d-----w-    c:\program files\Common Files\AOL
2009-05-28 12:42 . 2009-05-28 12:42    --------    d-----w-    c:\program files\Reference Assemblies
2009-05-28 10:57 . 2009-05-28 10:57    2099    ----a-w-    c:\documents and settings\Michelle\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-05-28 10:55 . 2009-05-28 10:55    --------    d-----w-    c:\program files\Common Files\GTK
2009-05-27 22:29 . 2008-05-03 22:22    --------    d-----w-    c:\documents and settings\Michelle\Application Data\Zylom
2009-05-27 19:31 . 2009-05-27 19:31    --------    d-----w-    c:\program files\Windows Live
2009-05-27 14:30 . 2004-08-04 12:00    86370    ----a-w-    c:\windows\system32\perfc013.dat
2009-05-27 14:30 . 2004-08-04 12:00    499244    ----a-w-    c:\windows\system32\perfh013.dat
2009-05-27 14:21 . 2009-05-27 14:21    --------    d-----w-    c:\program files\Common Files\Windows Live
2009-05-27 13:55 . 2009-05-27 13:55    --------    d-----w-    c:\program files\VS Revo Group
2009-05-27 11:49 . 2009-05-27 11:49    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2009-05-27 10:09 . 2008-07-02 15:28    --------    d-----w-    c:\program files\Sun
2009-05-27 10:06 . 2009-01-31 20:29    --------    d-----w-    c:\program files\Panda Security
2009-05-27 10:02 . 2008-12-30 16:55    --------    d-----w-    c:\program files\Nufsoft
2009-05-25 22:17 . 2009-05-25 22:16    --------    d-----w-    c:\program files\SecondLife
2009-05-25 14:32 . 2009-05-25 14:32    --------    d-----w-    c:\documents and settings\Michelle\Application Data\DivX
2009-05-25 13:45 . 2009-05-25 13:45    1629024    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-25 13:45 . 2009-05-25 13:46    64160    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-05-25 13:45 . 2009-05-25 13:45    73064    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-05-25 13:45 . 2009-05-25 13:45    64160    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-25 13:45 . 2009-05-25 13:45    40288    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-25 13:45 . 2009-05-25 13:45    212848    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-25 13:45 . 2009-05-25 13:45    632680    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-25 13:45 . 2009-05-25 13:45    539512    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-25 13:45 . 2009-05-25 13:45    552808    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-25 13:45 . 2009-05-25 13:45    2324808    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-25 13:45 . 2009-05-25 13:45    626000    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-25 13:45 . 2009-05-25 13:45    953168    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-25 13:45 . 2009-05-25 13:45    516440    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-25 13:44 . 2009-05-25 13:44    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-25 13:44 . 2009-01-26 11:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-24 23:35 . 2009-05-24 23:35    --------    d-----w-    c:\program files\ESET
2009-05-24 23:35 . 2009-05-24 23:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2009-05-24 17:16 . 2009-05-24 17:16    --------    d-----w-    c:\program files\Common Files\DivX Shared
2009-05-24 14:00 . 2009-05-24 14:00    --------    d-----w-    c:\program files\Alwil Software
2009-05-24 13:51 . 2008-10-11 23:18    --------    d-----w-    c:\program files\BoontyGames
2009-05-24 13:49 . 2009-05-21 00:07    --------    d-----w-    c:\program files\GameHouse
2009-05-24 10:37 . 2007-04-23 20:03    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-05-21 00:03 . 2009-05-21 00:03    --------    d-----w-    c:\program files\Trymedia
2009-05-20 22:46 . 2009-05-20 22:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Trymedia
2009-05-07 15:34 . 2004-08-04 12:00    347136    ----a-w-    c:\windows\system32\localspl.dll
2009-04-29 04:49 . 2004-08-04 12:00    827392    ----a-w-    c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2009-05-24 16:48    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-13 17:25 . 2009-05-27 13:17    134648    ----a-w-    c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-08-27 19:44 . 2007-08-27 19:44    23    --sha-w-    c:\windows\system32\deeaebcff_d.dll
.

------- Sigcheck -------

• 2006-04-20 12:18    360576    B2220C618B42A2212A59D91EBD6FC4B4    c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
  

• 2007-10-30 16:53    360832    64798ECFA43D78C7178375FCDD16D8C8    c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
  

[7] 2008-06-20 10:44    360960    744E57C99232201AE98C49168B918F48    c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51    361600    9AEFA14BD6B182D61E3119FA5F436D3D    c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59    361600    AD978A1B783B5719720CFF204B666C8E    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

• 2008-04-13 19:20    361344    ACCF5A9A1FFAA490F33DBA1C632B95E1    c:\windows\ServicePackFiles\i386\tcpip.sys
  

• 2008-06-20 11:51    361600    9425B72F40257B45D45D24773273DAD0    c:\windows\system32\dllcache\tcpip.sys
  

• 2008-06-20 11:51    361600    9425B72F40257B45D45D24773273DAD0    c:\windows\system32\drivers\tcpip.sys
  

.
(((((((((((((((((((((((((((((((((((((  Reg Opstartpunten  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-25 516440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10    72208    ----a-w-    c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Omerta Script\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25-5-2009 15:46 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23-4-2007 21:44 11264]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6-2-2009 14:23 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6-2-2009 14:24 93336]
S2 AppToService_TuDienHND;AppToService TuDienHND;c:\vietnam\TuDienHND\3rdparty\basta\AppToService.exe [23-11-2007 18:23 45056]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6-2-2009 14:23 727720]
S2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys --> c:\windows\system32\DRIVERS\fssfltr_tdi.sys [?]
S2 gupdate1c9ef9d1ccfed64;Google Updateservice (gupdate1c9ef9d1ccfed64);c:\program files\Google\Update\GoogleUpdate.exe [18-6-2009 0:44 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18-1-2009 23:34 953168]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program files\Windows Live\Family Safety\fsssvc.exe [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [23-4-2007 22:33 14095]
S3 ovt530;TM507A USB Camera;c:\windows\system32\drivers\ov530vid.sys [11-7-2007 0:30 161792]
.
Inhoud van de 'Gedeelde Taken' map

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:45]

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-28 22:43]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 22:43]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 22:43]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.cooxer.com/
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 14:49
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppToService_TuDienHND]
"ImagePath"="c:\vietnam\TuDienHND\3rdparty\basta\AppToService.exe /sys \"C:/vietnam/TuDienHND/3rdparty/jre/bin/jrew.exe\" /Arguments:\"-mx64m -cp vietdict.jar vietdict.server.vietdictserver\" /Directory:\"c:/vietnam/tudienhnd\" /Name:\"tudienhnd\" /Startup:A"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Voltooingstijd: 2009-07-19 14:54 - machine werd herstart
ComboFix-quarantined-files.txt  2009-07-19 12:54
ComboFix2.txt  2009-07-19 11:56
ComboFix3.txt  2009-07-19 11:37

Pre-Run: 33.326.129.152 bytes beschikbaar
Post-Run: 33.305.849.856 bytes beschikbaar

231    --- E O F ---    2009-07-18 20:01

Download Norton Removal Tool (SymNRT) til dit skrivebord.


http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Når du har hentet det, skal du lukke alle åbne browsere og vinduer, fordi det vil kræve en genstart.

Gå så til dit skrivebord og dobbeltklik på værktøjet og klik derefter på Setup.
Klik på Næste.
Accepter licensaftalen, og klik på Næste
skriv de bogstaver og tal, du ser i tekstfeltet og klik derefter på Næste.
Derefter klik på Næste og værktøjet vil begynde at køre.
Når det er færdigt genstart computeren og kør værktøjet igen for at sikre, at alt er blevet fjernet.
Slet Nortonremoval værktøj fra dit skrivebord.
Genstart.

Kan maskinen køre nu?

Nu spoerger jeg sikkert dumt, men vil hellere spoerge for meget end goere forkert, hvilket af dem "har" jeg hvor jeg skal vaelge:

"Choose your product"

for er som sagt ikke min egen maskine saa ved ikke hvilken der er/var installeret, og kan ikke umildbart selv se paa comp. hvilken det skulle vaere

Prøv med denne:
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&ssfromlink=true&sprt_cid=1a13409b-29db-4397-a286-9dec49f8e252&seg=hho&ct=us&lg=en&docurl=20080828154508EN

Umildbart koere maskinen fint nu, nu maa havde mange tak, nu har jeg bare brug for faa at vide hvordan jeg kan give dig point ?
og saa maaske hvordan jeg forhindre det i at ske igen, har hoert/laest at avast og avira er de beste gratis alternativer af virus programmer ?

Jeg ville også vælge et af de to nævnte.

Tag et kig her for mere beskyttelse:
http://www.spywarefri.dk/sikkerhedspakken/

Du kan give point nu, hvor jeg har lagt et svar.