Kenny Posted November 11, 2007 ID:9855 Share Posted November 11, 2007 Hey,I noticed in the past two weeks that my computer started slower than usually. I did some scans but those said everything was clean, so I thought nothing of it. Yesterday however, I got an annoying pop-up which closed down my firefox and prompted me to download "Antivirusscherm" because I have a virus on my computer. I did a google search and apparently this is a form of spyware. I tried some normal scans but they didn't reveal anything. Then I completed the steps from the "HijackThis Pre-Post Instructions" thread, but that didnt really help either. Though I didn't get any new pop-up since yesterday, I would like to make sure that my system is clean.Anyhow, without further ado, here's my HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:58:59, on 11-11-2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161375139656O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 6370 bytesKenny Link to post Share on other sites More sharing options...
JeanInMontana Posted November 12, 2007 ID:9891 Share Posted November 12, 2007 Hi there Kenny, and welcome to Malwarebytes.Run HJT and put a check next to the items below and click fix.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please. Also a new HJT.You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
Kenny Posted November 13, 2007 Author ID:9937 Share Posted November 13, 2007 Hey,Spybot S&D and panda both didn't find anything. For some reason AVG didn't create a log (it's set to automatically generate a report), so I can't post it. However, it only found two tracking cookies. Panda didn't find anything and I didn't get a see report button. Here's my new HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:33:00, on 13-11-2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://www.pandasecurity.comO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161375139656O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 5998 bytesThanks, Kenny Link to post Share on other sites More sharing options...
JeanInMontana Posted November 14, 2007 ID:9970 Share Posted November 14, 2007 Well let's see what if anything this scan finds. Nothing is showing in your log.1. Download this file :http://www.techsupportforum.com/sectools/combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window while its running. That may cause it to stall Link to post Share on other sites More sharing options...
Kenny Posted November 17, 2007 Author ID:10040 Share Posted November 17, 2007 Hey,I downloaded combofix and ran it, but I dont think it found anything. However, my computer is still slow while starting up (it does nothing for about a minute) and last time I had that problem, I found a trojan and my computer started at a normal speed again. Anyhow, here's the combofix log:ComboFix 07-11-08.1 - Sergio 2007-11-17 14:55:19.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.608 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Sergio\Bureaublad\ComboFix(2).exe * Nieuw herstelpunt werd aangemaakt.(((((((((((((((((((( Bestanden Gemaakt van 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))).2007-11-17 14:53 51,200 --a------ C:\WINDOWS\NirCmd.exe2007-11-13 18:11 <DIR> d-------- C:\WINDOWS\system32\ActiveScan2007-11-11 11:58 <DIR> d-------- C:\Program Files\Trend Micro2007-11-11 10:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot2007-11-11 10:37 <DIR> d-------- C:\Program Files\Common Files\Java2007-11-11 10:22 <DIR> d-------- C:\Documents and Settings\Sergio\Application Data\Grisoft2007-11-11 10:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-11-11 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft2007-11-11 10:11 <DIR> d-------- C:\Downloads2007-10-29 16:45 <DIR> d-------- C:\Program Files\Windows Defender2007-10-21 17:04 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr2007-10-21 17:04 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys2007-10-21 17:04 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys2007-10-21 17:04 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys2007-10-21 17:04 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys2007-10-21 17:04 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys2007-10-21 17:03 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe.((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-11-13 18:18 --------- d-----w C:\Program Files\MSN Messenger2007-11-11 09:37 --------- d-----w C:\Program Files\Java2007-11-11 09:36 --------- d-----w C:\Program Files\Uniblue2007-11-11 09:36 --------- d-----w C:\Documents and Settings\Sergio\Application Data\Uniblue2007-11-11 00:49 --------- d-----w C:\Program Files\Hitman Pro2007-11-11 00:21 --------- d-----w C:\Program Files\Spyware Doctor2007-11-01 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2007-11-01 17:06 --------- d-----w C:\Program Files\SpywareBlaster2007-10-17 15:15 --------- d-----w C:\Program Files\Common Files\Adobe2007-10-17 15:07 --------- d-----w C:\Documents and Settings\Sergio\Application Data\AdobeUM2007-10-10 14:17 --------- d-----w C:\Program Files\Google2007-10-06 14:38 --------- d-----w C:\Program Files\Guild Wars2007-09-30 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information2007-09-30 16:20 --------- d-----w C:\Program Files\UT2004Demo2007-09-30 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx2007-09-19 16:18 --------- d-----w C:\Program Files\Common Files\xing shared2007-09-19 16:18 --------- d-----w C:\Program Files\Common Files\Real2007-09-19 16:17 --------- d-----w C:\Program Files\Real2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\inetcomm.dll.((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS*Newly Created Service* - CATCHME.Inhoud van de 'Gedeelde Taken' map"2007-11-17 13:30:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"- C:\Program Files\Windows Defender\MpCmdRun.exe"2007-11-05 15:30:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"2007-04-19 14:29:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe.**************************************************************************catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-11-17 14:58:53Windows 5.1.2600 Service Pack 2 NTFSscannen van verborgen processen ...scannen van verborgen autostart items ...scannen van verborgen bestanden ...Scan succesvol afgerond verborgen bestanden: 0 **************************************************************************.Voltooingstijd: 2007-11-17 15:00:09. --- E O F ---It's in Dutch, I dont know if that's a problem, but I didnt see an option to change the language to englishKenny Link to post Share on other sites More sharing options...
JeanInMontana Posted November 17, 2007 ID:10057 Share Posted November 17, 2007 Please do the following:1. Open Hijackthis and select: Open the Misc Tools section.2. Then choose: Open Uninstall Manager and click Save List.3. Save the list to your computer.4. Then copy the contents of the list back to your thread.In English please I don't read or speak Dutch. Link to post Share on other sites More sharing options...
Kenny Posted November 17, 2007 Author ID:10070 Share Posted November 17, 2007 Ad-Aware SE PersonalAdobe Flash Player ActiveXAdobe Reader 8.1.1 - Nederlandsavast! AntivirusAVG Anti-Spyware 7.5Beveiligingsupdate for Windows Media Player 10 (KB917734)Beveiligingsupdate for Windows XP (KB923689)Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)Beveiligingsupdate voor Windows Media Player (KB911564)Beveiligingsupdate voor Windows Media Player 11 (KB936782)Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)Beveiligingsupdate voor Windows Media Player 8 (KB917734)Beveiligingsupdate voor Windows Media Player 9 (KB917734)Beveiligingsupdate voor Windows XP (KB890046)Beveiligingsupdate voor Windows XP (KB893756)Beveiligingsupdate voor Windows XP (KB896358)Beveiligingsupdate voor Windows XP (KB896423)Beveiligingsupdate voor Windows XP (KB896424)Beveiligingsupdate voor Windows XP (KB896428)Beveiligingsupdate voor Windows XP (KB899587)Beveiligingsupdate voor Windows XP (KB899591)Beveiligingsupdate voor Windows XP (KB900725)Beveiligingsupdate voor Windows XP (KB901017)Beveiligingsupdate voor Windows XP (KB901214)Beveiligingsupdate voor Windows XP (KB902400)Beveiligingsupdate voor Windows XP (KB904706)Beveiligingsupdate voor Windows XP (KB905414)Beveiligingsupdate voor Windows XP (KB905749)Beveiligingsupdate voor Windows XP (KB908519)Beveiligingsupdate voor Windows XP (KB911562)Beveiligingsupdate voor Windows XP (KB911567)Beveiligingsupdate voor Windows XP (KB911927)Beveiligingsupdate voor Windows XP (KB912812)Beveiligingsupdate voor Windows XP (KB912919)Beveiligingsupdate voor Windows XP (KB913433)Beveiligingsupdate voor Windows XP (KB913580)Beveiligingsupdate voor Windows XP (KB914388)Beveiligingsupdate voor Windows XP (KB914389)Beveiligingsupdate voor Windows XP (KB917344)Beveiligingsupdate voor Windows XP (KB917422)Beveiligingsupdate voor Windows XP (KB917953)Beveiligingsupdate voor Windows XP (KB918118)Beveiligingsupdate voor Windows XP (KB918899)Beveiligingsupdate voor Windows XP (KB919007)Beveiligingsupdate voor Windows XP (KB920213)Beveiligingsupdate voor Windows XP (KB920214)Beveiligingsupdate voor Windows XP (KB920670)Beveiligingsupdate voor Windows XP (KB920683)Beveiligingsupdate voor Windows XP (KB920685)Beveiligingsupdate voor Windows XP (KB921398)Beveiligingsupdate voor Windows XP (KB921503)Beveiligingsupdate voor Windows XP (KB921883)Beveiligingsupdate voor Windows XP (KB922616)Beveiligingsupdate voor Windows XP (KB922760)Beveiligingsupdate voor Windows XP (KB922819)Beveiligingsupdate voor Windows XP (KB923191)Beveiligingsupdate voor Windows XP (KB923414)Beveiligingsupdate voor Windows XP (KB923694)Beveiligingsupdate voor Windows XP (KB923980)Beveiligingsupdate voor Windows XP (KB924191)Beveiligingsupdate voor Windows XP (KB924270)Beveiligingsupdate voor Windows XP (KB924496)Beveiligingsupdate voor Windows XP (KB924667)Beveiligingsupdate voor Windows XP (KB925454)Beveiligingsupdate voor Windows XP (KB925486)Beveiligingsupdate voor Windows XP (KB925902)Beveiligingsupdate voor Windows XP (KB926255)Beveiligingsupdate voor Windows XP (KB926436)Beveiligingsupdate voor Windows XP (KB927779)Beveiligingsupdate voor Windows XP (KB927802)Beveiligingsupdate voor Windows XP (KB928255)Beveiligingsupdate voor Windows XP (KB928843)Beveiligingsupdate voor Windows XP (KB929123)Beveiligingsupdate voor Windows XP (KB930178)Beveiligingsupdate voor Windows XP (KB931261)Beveiligingsupdate voor Windows XP (KB931784)Beveiligingsupdate voor Windows XP (KB932168)Beveiligingsupdate voor Windows XP (KB933729)Beveiligingsupdate voor Windows XP (KB935839)Beveiligingsupdate voor Windows XP (KB935840)Beveiligingsupdate voor Windows XP (KB936021)Beveiligingsupdate voor Windows XP (KB938829)Beveiligingsupdate voor Windows XP (KB941202)Beveiligingsupdate voor Windows XP (KB943460)Dell ResourceCDDell Solution CenterDivX CodecDivX ConverterDivX PlayerDivX Web PlayerEasyCleanerEPN werkboek-i chemie overal/vwo NG NT1Google EarthGuild WarsHijackThis 2.0.2Hitman ProHotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows XP (KB915865)Hotfix for Windows XP (KB926239)Hotfix voor Windows Media Player 11 (KB939683)Intel Link to post Share on other sites More sharing options...
JeanInMontana Posted November 19, 2007 ID:10130 Share Posted November 19, 2007 OK I don't know what these two items are:EPN werkboek-i chemie overal/vwo NG NT1SacrificeYou are also running an old version of Spybot Search & Destroy. The current version is 1.5 you should update to that and update definitions and immunize. Let me know what those two items are. Otherwise I just don't see any malware. Link to post Share on other sites More sharing options...
Kenny Posted November 20, 2007 Author ID:10153 Share Posted November 20, 2007 Alright then, I guess it's my computer getting old or something... EPN is something I used for chemistry and sacrifice is a game. Thank you for all your help and cyaKenny Link to post Share on other sites More sharing options...
JeanInMontana Posted November 20, 2007 ID:10157 Share Posted November 20, 2007 Just because I don't see it doesn't mean your clean. Your running an outdated version of SB S&D. I never saw logs from two programs I requested. I can't say your clean at all. Link to post Share on other sites More sharing options...
Recommended Posts