Hijackthis log for anyone who wants to help...

Discussion in 'Windows - Virus and spyware problems' started by Jurgennop, May 8, 2008.

  1. Jurgennop

    Jurgennop Regular member

    Joined:
    Sep 20, 2005
    Messages:
    355
    Likes Received:
    0
    Trophy Points:
    26
    huh? where? i haven't seen anything yet?
    i still have no idea what has to be done...
     
  2. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
  3. Jurgennop

    no prob, here's the link, i really hope you or someone can help me out, not very helpful people over there so it seems...

    http://forums.spybot.info/showthread.php?t=27983

    please help me out, or encourage people to help me out over there, every thread gets a response, except mine...
     
  4. svtstang

    Lol I have a few free moments, I will sign up just for a good old-fashioned bump :)

    edit

    Seems only the pros can post in that forum, I am not able to respond in your thread. I will make a new thread with your log.

    edit 2

    Here is the link http://forums.spybot.info/showthread.php?p=192142#post192142

    Make sure to follow it; if somebody responds I'll hand it over to you.
     
    Last edited: May 15, 2008
  5. Jurgennop

    strange that somehow they respond to you, but anyway, great. i'll post the log here asap, so you can copy it there, ok?
     
  6. svtstang

    Or you can just PM me your email addy, I will change my login there so you can just use my account, would be much easier that way.
     
  7. Jurgennop

    email is jurgen_noppe@hotmail.com, is this what you needed?

    thx a million for the help, buddy!!
     
  8. svtstang

    Yeah, I will change my email to yours, and the pass will be the screen name you use here. Check your email in like 15 minutes.

    Oh yeah, edit out your email before the mods/spammers get a hold of it!

    EDIT

    Alright, the account is yours, the password is your screen name you use here, just make sure to change it asap once you log on! I used a random email since you were already using the email you gave me.
     
    Last edited: May 16, 2008
  9. Jurgennop

    thx a lot, changed it

    here are the logs btw

    ComboFix 08-05-15.3 - J.NOPPE 2008-05-17 1:27:21.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.606 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\J.NOPPE\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\adaway.lic
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    (((((((((((((((((((( Bestanden Gemaakt van 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))
    .

    2008-05-17 01:04 . 2008-05-17 01:05 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2008-05-17 01:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-05-17 01:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-05-17 01:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-05-17 01:04 . 2008-05-17 01:04 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-05-17 01:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-05-17 01:03 . 2008-05-17 01:17 <DIR> dr-h----- C:\Documents and Settings\J.NOPPE\Onlangs geopend
    2008-05-11 03:12 . 2008-05-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Logishrd
    2008-05-11 03:00 . 2008-05-11 03:00 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-05-11 03:00 . 2008-05-11 03:00 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-05-11 02:59 . 2007-06-22 11:34 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-05-11 02:59 . 2007-11-29 02:18 78,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2008-05-11 02:59 . 2007-11-29 02:17 63,120 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
    2008-05-11 02:59 . 2007-11-29 02:17 55,824 --a------ C:\WINDOWS\KHALMNPR.Exe
    2008-05-11 02:59 . 2007-11-29 02:17 36,368 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2008-05-11 02:59 . 2007-11-29 02:17 35,088 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2008-05-11 02:59 . 2007-11-29 02:17 20,240 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2008-05-11 02:58 . 2008-05-11 02:58 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\InstallShield
    2008-05-11 02:58 . 2008-05-11 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-05-11 02:55 . 2008-05-11 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-05-11 01:47 . 2008-04-14 19:02 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-05-11 01:47 . 2008-04-14 19:02 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-05-11 01:47 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-05-11 01:47 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-05-11 01:47 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-05-11 01:47 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\system32\nl
    2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-05-07 20:11 . 2008-04-14 18:42 2,193,408 --a------ C:\WINDOWS\system32\ntoskrnl.exe
    2008-05-07 20:04 . 2008-04-14 19:02 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
    2008-05-07 20:04 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-05-07 20:02 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-04-24 21:01 . 2008-04-24 21:05 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-04-24 18:34 . 2008-05-16 23:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Program Files\AVG
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-04-24 18:34 . 2008-04-24 18:34 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-04-24 18:34 . 2008-04-24 18:34 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-04-24 18:34 . 2008-04-24 18:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-04-22 18:35 . 2008-04-22 19:09 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\Azureus
    2008-04-22 18:35 . 2008-04-22 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-04-22 18:30 . 2008-04-22 18:30 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\.BitTornado

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 23:07 --------- d-----w C:\Program Files\PeerGuardian2
    2008-05-11 11:22 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-05-11 11:20 --------- d-----w C:\Program Files\Logitech
    2008-05-11 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-08 22:00 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-27 11:39 --------- d-----w C:\Documents and Settings\J.NOPPE\Application Data\uTorrent
    2008-04-23 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-21 16:27 --------- d-----w C:\Program Files\Java
    2008-04-16 21:20 --------- d-----w C:\Program Files\JoWooD
    2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
    2008-04-14 17:03 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 17:03 32,866 ----a-w C:\WINDOWS\slrundll.exe
    2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 17:03 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 17:03 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 17:03 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-14 16:43 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 16:43 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 16:43 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 16:43 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 16:43 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 16:40 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 16:40 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 16:39 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 16:38 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 16:38 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 16:37 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 16:36 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 16:35 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 16:34 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
    2008-04-14 16:34 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 16:34 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 16:33 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2008-04-14 16:32 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-04-14 16:32 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-04-14 16:31 41,856 ------w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-04-14 16:31 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-04-14 16:30 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 16:30 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2008-04-14 16:30 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
    2008-04-14 11:27 --------- d-----w C:\Program Files\iTunes
    2008-04-14 11:27 --------- d-----w C:\Program Files\iPod
    2008-04-14 11:26 --------- d-----w C:\Program Files\QuickTime
    2008-04-14 11:26 --------- d-----w C:\Program Files\Bonjour
    2008-04-14 10:57 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
    2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
    2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
    2004-12-14 08:35 56 --sh--r C:\WINDOWS\system32\7323EC62DF.sys
    2004-12-14 08:35 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-24 18:34 1177368]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "services32"="C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=interceptor.dll,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VIA RAID TOOL.lnk]
    backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    --------- 2003-11-07 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-05-14 09:47 67072 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-03-05 09:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 18:52]
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-24 18:34]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-24 18:34]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-24 18:34]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-24 18:34]
    S3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 08:32]
    S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 20:49]
    S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95496280-a929-11da-b121-00508de94c6f}]
    \Shell\AutoRun\command - G:\Autorun.exe

    *Newly Created Service* - AEGISP
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-05-12 11:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-16 23:33:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 01:31:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-05-17 1:35:03 - machine was rebooted [J.NOPPE]
    ComboFix-quarantined-files.txt 2008-05-16 23:35:00

    Pre-Run: 17,273,356,288 bytes beschikbaar
    Post-Run: 17,245,605,888 bytes beschikbaar

    277 --- E O F --- 2008-05-13 16:11:30




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:47:42 , on 17/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AVG\AVG8\avgrsx.exe
    D:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe (User 'Default user')
    O4 - Global Startup: StartupFaster
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: interceptor.dll,avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
