Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt  (Read 4628 times)

0 Members and 1 Guest are viewing this topic.

ephemeridos

    Topic Starter


    Beginner

    Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
    « on: August 27, 2009, 12:39:31 PM »
    Hello,

    my computer is infected with virus. It happened few days ago when I opened an email in my yahoo inbox.
    my avast has immediately restored infections to the chest and later i have scanned my computer with avast and kaspersky online virus scanner. all results where showing no infection. today my computer crushed down
    and i had blue screen. i got report from microsoft windows that my computer is infected with virus (see attached pdf file:

    Win32/Apropos.B
    WinNT/Zufyx.A
    Spyware.Apropos.C
    Trojan.Win32.Crypt.t

    I have cleaned and scanned my computer in safty modus. all logs are again showing no infection see attachment. Can someone please check the hijak log. In the mean time i'll try to scann my computer with another online virus scanner.

    Thank you. :)



    Hijak This Report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:55, on 27.08.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programme\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Programme\Comodo\CBOClean\BOCORE.exe
    C:\Programme\Hotspot Shield\bin\openvpnas.exe
    C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
    C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
    C:\Programme\SweetIM\Messenger\SweetIM.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programme\Windows Desktop Search\WindowsSearch.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\OpenOffice.org 3\program\soffice.exe
    C:\Programme\OpenOffice.org 3\program\soffice.bin
    C:\Programme\Hotspot Shield\bin\openvpntray.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programme\Trend Micro\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot1.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: (no name) -  - (no file)
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
    O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: BOCore - COMODO - C:\Programme\Comodo\CBOClean\BOCORE.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe (file missing)
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe

    --
    End of file - 12208 bytes


    [attachment deleted by admin]
    Logged

    Karnac



      Specialist

      Thanked: 211
      Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
      « Reply #1 on: August 27, 2009, 01:02:23 PM »
      Here's a link to the process tool analysis of your HJT log...

      http://www.computerhope.com/cgi-bin/process.pl?o=27115932


      Follow the cleaning instructions.
      Logged


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      ephemeridos

        Topic Starter


        Beginner

        Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
        « Reply #2 on: August 27, 2009, 02:44:38 PM »
        thank you. i'm finalyzing the cleaning proces and will post the malwarebytes scan as soon as it finished.
        the online bitdefender scan report is also showing no virus infection  ???

        BitDefender Online Scanner - Echtzeit-Virenmeldung
         
         
         
        Erstellt am: Thu, Aug 27, 2009 - 21:26:39
         

        --------------------------------------------------------------------------------

         
         
         
         
        Prüf-Info
         
         
         
        Geprüfte Dateien
         121971
         
        Infizierte Dateien
         0
         
         
         
         
         
         
         
         
        Erkannte Viren
         
         
         
        Keine Viren gefunden
         
         
         
         
         
         
         
        Logged

        ephemeridos

          Topic Starter


          Beginner

          Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
          « Reply #3 on: August 27, 2009, 03:56:26 PM »
          here is the final malwarebytes log. is there anything else i need to do?

          Malwarebytes' Anti-Malware 1.40
          Datenbank Version: 2706
          Windows 5.1.2600 Service Pack 3

          27.08.2009 23:06:09
          mbam-log-2009-08-27 (23-06-09).txt

          Scan-Methode: Vollständiger Scan (C:\|)
          Durchsuchte Objekte: 234337
          Laufzeit: 1 hour(s), 10 minute(s), 1 second(s)

          Infizierte Speicherprozesse: 0
          Infizierte Speichermodule: 0
          Infizierte Registrierungsschlüssel: 0
          Infizierte Registrierungswerte: 0
          Infizierte Dateiobjekte der Registrierung: 0
          Infizierte Verzeichnisse: 0
          Infizierte Dateien: 0

          Infizierte Speicherprozesse:
          (Keine bösartigen Objekte gefunden)

          Infizierte Speichermodule:
          (Keine bösartigen Objekte gefunden)

          Infizierte Registrierungsschlüssel:
          (Keine bösartigen Objekte gefunden)

          Infizierte Registrierungswerte:
          (Keine bösartigen Objekte gefunden)

          Infizierte Dateiobjekte der Registrierung:
          (Keine bösartigen Objekte gefunden)

          Infizierte Verzeichnisse:
          (Keine bösartigen Objekte gefunden)

          Infizierte Dateien:
          (Keine bösartigen Objekte gefunden)

          and i made again a HJT log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 23:55:24, on 27.08.2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
          C:\Programme\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\AVG\AVG8\avgfws8.exe
          C:\Programme\Comodo\CBOClean\BOCORE.exe
          C:\Programme\Hotspot Shield\bin\openvpnas.exe
          C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
          C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\Programme\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
          C:\Programme\Synaptics\SynTP\SynTPEnh.exe
          C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
          C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
          C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
          C:\Programme\SweetIM\Messenger\SweetIM.exe
          C:\Programme\iTunes\iTunesHelper.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE
          C:\Programme\Java\jre6\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Programme\Windows Desktop Search\WindowsSearch.exe
          C:\Programme\OpenOffice.org 3\program\soffice.exe
          C:\Programme\OpenOffice.org 3\program\soffice.bin
          C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
          C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
          C:\WINDOWS\system32\wbem\wmiapsrv.exe
          C:\Programme\iPod\bin\iPodService.exe
          C:\Programme\Hotspot Shield\bin\openvpntray.exe
          C:\Programme\Mozilla Firefox\firefox.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\Programme\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
          R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot1.dll
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
          O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
          O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot1.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
          O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll
          O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
          O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
          O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
          O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
          O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
          O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
          O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
          O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
          O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
          O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
          O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
          O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
          O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
          O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
          O23 - Service: BOCore - COMODO - C:\Programme\Comodo\CBOClean\BOCORE.exe
          O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
          O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
          O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
          O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe

          --
          End of file - 11373 bytes

          Logged

          Karnac



            Specialist

            Thanked: 211
            Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
            « Reply #4 on: August 27, 2009, 04:17:30 PM »
            How is the computer running?

            To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
            Click Start, and then click Control Panel.
            Double-click System.
            Click the System Restore tab, and then click to select the Turn off System Restore for all drives check box.
            Click OK, and then click Yes to initiate the restore point deletion.
            To turn on System Restore again after the restore point deletion has completed, repeat these steps, but click to clear the Turn off System Restore for all drives check box.

            This will purge any infected files from SVI in system restore. 
            Logged


            Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

            ephemeridos

              Topic Starter


              Beginner

              Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
              « Reply #5 on: August 27, 2009, 05:25:50 PM »
              i think that computer is running well. lets see if it keeps working without crushing again.
              thank you for your help.  :)
              Logged

              Karnac



                Specialist

                Thanked: 211
                Re: Infected with Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt
                « Reply #6 on: August 27, 2009, 05:51:10 PM »
                You're most welcome....
                Logged


                Never argue with a stupid person, they'll drag you down to their level and beat you with experience.
                Pages: [1]   Go Up
                « previous next »