Hijackthis log for anyone who wants to help... [page 2/2]

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Thursday 6.3.2025 / 20:11

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijackthis log for anyone who wants to help...

Browse by topic

Forums

Start a new thread

Hijackthis log for anyone who wants to help...

Jump to:

Posted

Message

Page:	< Previous	1	2

svtstang

AfterDawn Addict

16. May 2008 @ 18:23

Link to this message

Or you can just pm me your email addy, I will change my login there so you can just use my account, would be much easier that way.

[ + quote]

Jurgennop

Member

16. May 2008 @ 19:25

Link to this message

email is jurgen_noppe@hotmail.com,is this what you needed?

thx a million for the help,buddy!!

[ + quote]

svtstang

AfterDawn Addict

16. May 2008 @ 19:29

Link to this message

Yeah I will my email to yours, and the pass will be the screen name you use here. Check your email in like 15 minutes.

Oh yea, edit out your email before the mods/spammers get a hold of it!

EDIT

Alright, the account is yours, the password is your screen name you use here, just make sure to change it asap once you log on! I used a random email since you were already using the email you gave me.

[ + quote]

This message has been edited since posting. Last time this message was edited on 16. May 2008 @ 19:34

Jurgennop

Member

16. May 2008 @ 19:48

Link to this message

thx a lot,changed it

here's the logs btw

ComboFix 08-05-15.3 - J.NOPPE 2008-05-17 1:27:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.606 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\J.NOPPE\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\adaway.lic
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))
.

2008-05-17 01:04 . 2008-05-17 01:05 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-05-17 01:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-05-17 01:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-05-17 01:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-05-17 01:04 . 2008-05-17 01:04 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-17 01:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-05-17 01:03 . 2008-05-17 01:17 <DIR> dr-h----- C:\Documents and Settings\J.NOPPE\Onlangs geopend
2008-05-11 03:12 . 2008-05-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-05-11 03:00 . 2008-05-11 03:00 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-11 03:00 . 2008-05-11 03:00 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-11 02:59 . 2007-06-22 11:34 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-05-11 02:59 . 2007-11-29 02:18 78,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-05-11 02:59 . 2007-11-29 02:17 63,120 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-05-11 02:59 . 2007-11-29 02:17 55,824 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-05-11 02:59 . 2007-11-29 02:17 36,368 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-05-11 02:59 . 2007-11-29 02:17 35,088 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-05-11 02:59 . 2007-11-29 02:17 20,240 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-05-11 02:58 . 2008-05-11 02:58 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\InstallShield
2008-05-11 02:58 . 2008-05-11 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-11 02:55 . 2008-05-11 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-11 01:47 . 2008-04-14 19:02 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-11 01:47 . 2008-04-14 19:02 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-11 01:47 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-11 01:47 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-11 01:47 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 01:47 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\system32\nl
2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-07 20:17 . 2008-05-08 23:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 20:11 . 2008-04-14 18:42 2,193,408 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-07 20:04 . 2008-04-14 19:02 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-05-07 20:04 . 2008-04-14 19:02 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-07 20:02 . 2008-04-14 19:02 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-04-24 21:01 . 2008-04-24 21:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-24 18:34 . 2008-05-16 23:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Program Files\AVG
2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-24 18:34 . 2008-04-24 18:34 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-24 18:34 . 2008-04-24 18:34 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-24 18:34 . 2008-04-24 18:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-22 18:35 . 2008-04-22 19:09 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\Azureus
2008-04-22 18:35 . 2008-04-22 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-22 18:30 . 2008-04-22 18:30 <DIR> d-------- C:\Documents and Settings\J.NOPPE\Application Data\.BitTornado

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 23:07 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-11 11:22 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-11 11:20 --------- d-----w C:\Program Files\Logitech
2008-05-11 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 22:00 --------- d-----w C:\Program Files\MSN Messenger
2008-04-27 11:39 --------- d-----w C:\Documents and Settings\J.NOPPE\Application Data\uTorrent
2008-04-23 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 16:27 --------- d-----w C:\Program Files\Java
2008-04-16 21:20 --------- d-----w C:\Program Files\JoWooD
2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 17:03 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 17:03 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:03 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:03 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 17:03 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 16:43 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 16:43 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 16:43 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 16:43 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 16:43 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 16:40 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 16:40 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 16:39 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 16:38 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 16:38 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 16:37 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 16:36 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 16:35 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 16:34 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 16:34 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 16:34 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 16:33 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 16:32 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 16:32 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 16:31 41,856 ------w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 16:31 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 16:30 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 16:30 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 16:30 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 11:27 --------- d-----w C:\Program Files\iTunes
2008-04-14 11:27 --------- d-----w C:\Program Files\iPod
2008-04-14 11:26 --------- d-----w C:\Program Files\QuickTime
2008-04-14 11:26 --------- d-----w C:\Program Files\Bonjour
2008-04-14 10:57 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2004-12-14 08:35 56 --sh--r C:\WINDOWS\system32\7323EC62DF.sys
2004-12-14 08:35 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-24 18:34 1177368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"services32"="C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=interceptor.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VIA RAID TOOL.lnk]
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-11-07 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-05-14 09:47 67072 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-05 09:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 18:52]
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-24 18:34]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-24 18:34]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-24 18:34]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-24 18:34]
S3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2004-01-29 08:32]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 20:49]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95496280-a929-11da-b121-00508de94c6f}]
\Shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - AEGISP
.
Inhoud van de 'Gedeelde Taken' map
"2008-05-12 11:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 23:33:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 01:31:12
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-17 1:35:03 - machine was rebooted [J.NOPPE]
ComboFix-quarantined-files.txt 2008-05-16 23:35:00

Pre-Run: 17,273,356,288 bytes beschikbaar
Post-Run: 17,245,605,888 bytes beschikbaar

277 --- E O F --- 2008-05-13 16:11:30

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:42 , on 17/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
D:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe (User 'Default user')
O4 - Global Startup: StartupFaster
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: interceptor.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[ + quote]

Page:	< Previous	1	2

Start a new thread


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.