HELP! Please, with my HijackThis Log File.


Re: HELP! Please, with my HijackThis Log File.

Unread postby peku006 » June 29th, 2008, 5:08 pm

Hi Rick

1 - Empty your Outlook Express Deleted Items folder
  • Open Outlook Express
  • Right click on Deleted Items
  • Select 'Empty Deleted Items folder'.
  • Click 'Yes' at the next popup box to successfully empty the Deleted Items folder

2 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:

File::
C:\Documents and Settings\Administrator\Bureaublad\mappen\Muziek\Muziek\nederlandstalig\Frans Bauer & Marianne Weber - Zolang je bij me bent.mp3
C:\WINDOWS\pss\findfast.exe
C:\WINDOWS\system32\drivers\etc\hosts.bak
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^findfast.exe]



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

3 - Run F-Secure Online Scan

Scan online using F-Secure Online Scanner Next Generation using Internet Explorer
http://support.f-secure.com/enu/home/ols.shtml
Click on the link "F-Secure Online Scanner Next Generation".
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click Install ActiveX component.
Read the license agreement and click "Accept".
Click "Full System Scan" to download the scanning components and begin scan and cleaning.
When done click "Show report" and copy/paste its contents into your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the ComboFix log
2. the F-Secure online scanner report
3. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Unread postby rickrogf*kmalware » June 30th, 2008, 12:34 pm

ComboFix 08-06-20.4 - Administrator 2008-06-30 16:14:32.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.99 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\Documents and Settings\Administrator\Bureaublad\mappen\Muziek\Muziek\nederlandstalig\Frans Bauer & Marianne Weber - Zolang je bij me bent.mp3
C:\WINDOWS\pss\findfast.exe
C:\WINDOWS\system32\drivers\etc\hosts.bak
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Bureaublad\mappen\Muziek\Muziek\nederlandstalig\Frans Bauer & Marianne Weber - Zolang je bij me bent.mp3
C:\WINDOWS\system32\drivers\etc\hosts.bak

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))
.

2008-06-28 13:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 13:31 . 2008-06-28 13:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 17:54 . 2008-06-26 17:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-06-26 17:54 . 2008-06-26 17:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-06-25 03:22 . 2008-06-25 03:22 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-24 21:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-24 21:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-24 21:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-24 15:33 . 2008-06-25 13:46 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-24 15:10 . 2008-06-24 15:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-24 15:09 . 2008-06-24 15:11 <DIR> d-------- C:\Program Files\Windows Live
2008-06-24 15:08 . 2008-06-24 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 03:55 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 00:56 . 2008-06-24 00:56 125 --a------ C:\ioSpecial.ini
2008-06-23 05:41 . 2008-06-23 05:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 22:40 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-15 22:40 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-14 07:58 . 2008-05-14 07:58 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 11:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 11:32 --------- d-----w C:\Program Files\Java
2008-06-26 01:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 00:01 --------- d-----w C:\Program Files\Steam
2008-06-23 23:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-23 23:05 --------- d-----w C:\Program Files\Conduit
2008-06-23 23:03 --------- d-----w C:\Program Files\iPod
2008-06-23 23:01 --------- d-----w C:\Program Files\Winamp
2008-06-23 23:01 --------- d-----w C:\Program Files\Google
2008-06-23 22:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-23 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:55 --------- d-----w C:\Program Files\eidos
2008-06-22 22:57 --------- d-----w C:\Program Files\Hitman Pro
2008-06-08 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 06:54 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-31 14:56 --------- d-----w C:\Program Files\LimeWire
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 17:01 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-30 04:50 1,786 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2006-12-17 18:32 106 ----a-w C:\Program Files\piconfig.lx
2005-12-13 14:19 20,921,040 ----a-w C:\Program Files\AdbeRdr705_enu_full.exe
2005-12-13 14:18 7,050,552 ----a-w C:\Program Files\psa30se_en_us.exe
2005-12-13 14:17 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2005-10-25 09:09 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-20 22:46 34,511,160 ----a-w C:\Program Files\iTunesSetup.exe
2005-10-05 21:45 627,312 ----a-w C:\Program Files\SqirlzMorph.zip
2005-08-29 11:30 353,888 ----a-w C:\Program Files\LimeWireWin.exe
2005-08-28 20:06 1,094,021 ------w C:\Program Files\dvdshrink32setup1.zip
.

((((((((((((((((((((((((((((( snapshot_2008-06-26_ 3.44.45,39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-28 11:41:02 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-06-28 11:35:35 1,640 ----a-w C:\WINDOWS\mozver.dat
- 2004-08-10 22:41:00 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-20 04:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-11-09 14:20:00 2,111,096 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 14:20:00 190,072 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-28 11:47:38 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-10-18 19:47:18 757,248 ------w C:\WINDOWS\system32\WMADMOD.dll
+ 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2007-10-25 08:28:30 222,720 ------w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-20 04:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-11-02 20:53:24 99,840 ------w C:\WINDOWS\system32\wmpshell.dll
+ 2004-08-11 19:30:16 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-10-18 19:47:22 2,450,944 ------w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-06-26 19:23 401493]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-10-11 13:54:26 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^ubisoft register.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2004-08-04 03:03 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2001-06-26 19:23 401493 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-01-04 14:17 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-07 19:48 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Team17\\Worms2\\frontend.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=

[HKLM\~\Services\\_common\\RWVoice.exe"=]
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"45408:UDP"= 45408:UDP:azureus
"6881:TCP"= 6881:TCP:azureus 2
"6881:UDP"= 6881:UDP:azureus 3
"6999:UDP"= 6999:UDP:azureus 4

R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 15:11]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []

.
Inhoud van de 'Gedeelde Taken' map
"2008-06-30 14:00:00 C:\WINDOWS\Tasks\{60D94997-04A9-4E51-9DF7-D2C5321AE47F}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-05-02 14:00:12 C:\WINDOWS\Tasks\{65CB179F-35FC-4474-831E-F323E40D827D}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-06-23 07:00:00 C:\WINDOWS\Tasks\{F9D79E87-FF41-4143-8B7F-CA010D76E877}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 16:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
Voltooingstijd: 2008-06-30 16:22:52
ComboFix-quarantined-files.txt 2008-06-30 14:21:49
ComboFix2.txt 2008-06-26 01:46:28
ComboFix3.txt 2008-06-24 23:01:26
ComboFix4.txt 2008-06-24 11:48:47

Pre-Run: 61,398,309,888 bytes beschikbaar
Post-Run: 61,525,280,768 bytes beschikbaar

205 --- E O F --- 2008-06-27 01:01:39


Scanning Report
Monday, June 30, 2008 17:03:45 - 18:16:42

Computer name: DETERS
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 0 malware found
Statistics
Scanned:

* Files: 29038
* System: 3276
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{06EB1DE4-52A5-4E98-B945-3F75793029F5}.BIN

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-06-30
* F-Secure AVP: 7.0.171, 2008-06-30
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:19, on 30-6-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 5399 bytes
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm
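An added triage helper for the registry sections in the ComboFix log above (example code written for this page, not part of ComboFix, HijackThis or this thread). It parses the REGEDIT4-style `[key]` / `"name"=value` layout and reports review items: Security Center values that suppress the built-in warnings, globally open firewall ports, and firewall exceptions for system32 binaries that XP does not register itself. The sample log is a constructed excerpt mirroring values quoted in the post; the port list and the list of expected system32 exceptions are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout ComboFix uses for its registry sections;
# the values mirror those quoted in the thread. In REGEDIT4 output the firewall
# application paths carry doubled backslashes, as they do here.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:TCP"= 6881:TCP:azureus 2
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Security Center values that, when non-zero, either silence the warnings XP
# shows when AV, firewall or updates are off, or tell Security Center to stop
# monitoring that component. Some security suites set them legitimately, so
# they are review items, not verdicts.
SILENCING_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
                    "updatesdisablenotify", "antivirusoverride", "firewalloverride"}

# Globally open ports worth questioning on a home machine (assumed list).
NOTABLE_PORTS = {"3389:TCP": "Remote Desktop", "445:TCP": "SMB", "139:TCP": "NetBIOS"}

# system32 binaries XP itself registers as firewall exceptions (assumed list);
# any other system32 entry is flagged for review. winver.exe, for instance,
# only shows the "About Windows" dialog and has no reason to accept connections.
EXPECTED_SYSTEM32_EXCEPTIONS = {"sessmgr.exe", "dpvsetup.exe"}


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group '"name"=value' lines under the lower-cased [key] header above them."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
            continue
        entry = VALUE_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group(1), entry.group(2).strip()))
    return sections


def dword_is_set(value: str) -> bool:
    """True for a REGEDIT4 'dword:XXXXXXXX' value that is non-zero."""
    if not value.lower().startswith("dword:"):
        return False
    try:
        return int(value[6:], 16) != 0
    except ValueError:
        return False


def triage(text: str) -> List[str]:
    """Return human-readable review items for the sections this helper understands."""
    findings: List[str] = []
    for key, entries in parse_sections(text).items():
        if key.endswith("security center"):
            for name, value in entries:
                if name.lower() in SILENCING_VALUES and dword_is_set(value):
                    findings.append(f"Security Center warning suppressed: {name}")
        elif key.endswith(r"globallyopenports\list"):
            for name, _ in entries:
                label = NOTABLE_PORTS.get(name.upper())
                if label:
                    findings.append(f"Firewall opens {name} ({label}) to the network")
        elif key.endswith(r"authorizedapplications\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")  # undo REGEDIT4 escaping
                parts = path.lower().split("\\")
                if "system32" in parts and parts[-1] not in EXPECTED_SYSTEM32_EXCEPTIONS:
                    findings.append(f"Firewall exception for a system32 binary: {path}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run against the real C:\ComboFix.txt by reading the file in place of SAMPLE_LOG; sections the helper does not know are simply ignored.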

Re: HELP! Please, with my HijackThis Log File.

Unread postby peku006 » June 30th, 2008, 5:40 pm

Hi Rick

Why do you not have an antivirus program installed? It is simply not safe to use the Internet without one anymore. This computer is seriously compromised, and it is completely uncertain that it can be cleaned and ever made safe to use again.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Malwarebytes' Anti-Malware

  • Launch Malwarebytes' Anti-Malware
  • Click Update
  • Then click Check for Updates
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



3 - Run Hijackthis

Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Unread postby rickrogf*kmalware » July 1st, 2008, 8:13 pm

ComboFix 08-06-20.4 - Administrator 2008-07-01 12:33:00.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.79 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\mappen\virusclean\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))
.

2008-07-01 12:30 . 2008-07-01 12:30 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-30 16:59 . 2008-06-30 16:59 <DIR> d-------- C:\fsaua.data
2008-06-28 13:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 13:31 . 2008-06-28 13:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-26 17:54 . 2008-06-26 17:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-06-26 17:54 . 2008-06-26 17:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-06-25 03:22 . 2008-06-25 03:22 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-24 21:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-24 21:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-24 21:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-24 15:33 . 2008-06-25 13:46 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-24 15:10 . 2008-06-24 15:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-24 15:09 . 2008-06-24 15:11 <DIR> d-------- C:\Program Files\Windows Live
2008-06-24 15:08 . 2008-06-24 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 03:55 . 2008-07-01 12:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-24 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-24 03:55 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 03:55 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 00:56 . 2008-06-24 00:56 125 --a------ C:\ioSpecial.ini
2008-06-23 05:41 . 2008-06-23 05:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 22:40 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-15 22:40 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 11:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 11:32 --------- d-----w C:\Program Files\Java
2008-06-26 01:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 00:01 --------- d-----w C:\Program Files\Steam
2008-06-23 23:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-23 23:05 --------- d-----w C:\Program Files\Conduit
2008-06-23 23:03 --------- d-----w C:\Program Files\iPod
2008-06-23 23:01 --------- d-----w C:\Program Files\Winamp
2008-06-23 23:01 --------- d-----w C:\Program Files\Google
2008-06-23 22:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-23 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:55 --------- d-----w C:\Program Files\eidos
2008-06-22 22:57 --------- d-----w C:\Program Files\Hitman Pro
2008-06-08 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 06:54 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-31 14:56 --------- d-----w C:\Program Files\LimeWire
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 17:01 691,545 ----a-w C:\WINDOWS\unins000.exe
2006-12-17 18:32 106 ----a-w C:\Program Files\piconfig.lx
2005-12-13 14:19 20,921,040 ----a-w C:\Program Files\AdbeRdr705_enu_full.exe
2005-12-13 14:18 7,050,552 ----a-w C:\Program Files\psa30se_en_us.exe
2005-12-13 14:17 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2005-10-25 09:09 3,200,856 ----a-w C:\Program Files\hitmanpro221.exe
2005-10-20 22:46 34,511,160 ----a-w C:\Program Files\iTunesSetup.exe
2005-10-05 21:45 627,312 ----a-w C:\Program Files\SqirlzMorph.zip
2005-08-29 11:30 353,888 ----a-w C:\Program Files\LimeWireWin.exe
2005-08-28 20:06 1,094,021 ------w C:\Program Files\dvdshrink32setup1.zip
.

((((((((((((((((((((((((((((( snapshot_2008-06-26_ 3.44.45,39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 13:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 13:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 14:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 13:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-06-28 11:41:02 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-06-28 11:35:35 1,640 ----a-w C:\WINDOWS\mozver.dat
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-10 22:41:00 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-20 04:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-11-09 14:20:00 2,111,096 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 14:20:00 190,072 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-28 11:47:38 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-10-18 19:47:18 757,248 ------w C:\WINDOWS\system32\WMADMOD.dll
+ 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2007-10-25 08:28:30 222,720 ------w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-20 04:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-11-02 20:53:24 99,840 ------w C:\WINDOWS\system32\wmpshell.dll
+ 2004-08-11 19:30:16 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-10-18 19:47:22 2,450,944 ------w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-06-26 19:23 401493]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-10-11 13:54:26 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^ubisoft register.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2004-08-04 03:03 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2001-06-26 19:23 401493 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-01-04 14:17 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-07 19:48 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Team17\\Worms2\\frontend.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=

[HKLM\~\Services\\_common\\RWVoice.exe"=]
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"45408:UDP"= 45408:UDP:azureus
"6881:TCP"= 6881:TCP:azureus 2
"6881:UDP"= 6881:UDP:azureus 3
"6999:UDP"= 6999:UDP:azureus 4

R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 15:11]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-30 14:00:00 C:\WINDOWS\Tasks\{60D94997-04A9-4E51-9DF7-D2C5321AE47F}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-05-02 14:00:12 C:\WINDOWS\Tasks\{65CB179F-35FC-4474-831E-F323E40D827D}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\{F9D79E87-FF41-4143-8B7F-CA010D76E877}_CC232369-A_Administrator.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 12:36:15
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
Voltooingstijd: 2008-07-01 12:42:13
ComboFix-quarantined-files.txt 2008-07-01 10:41:08
ComboFix2.txt 2008-06-30 14:22:53
ComboFix3.txt 2008-06-26 01:46:28
ComboFix4.txt 2008-06-24 23:01:26
ComboFix5.txt 2008-06-24 11:48:47

Pre-Run: 61,347,455,488 bytes beschikbaar
Post-Run: 61,447,255,040 bytes beschikbaar

207 --- E O F --- 2008-06-27 01:01:39


Malwarebytes' Anti-Malware 1.19
Database versie: 910
Windows 5.1.2600 Service Pack 2

13:31:51 1-7-2008
mbam-log-7-1-2008 (13-31-51).txt

Scan type: Volledige Scan (C:\|)
Objecten gescand: 89348
Verstreken tijd: 22 minute(s), 27 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:31, on 2-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 5957 bytes



Before I made a new HijackThis report the virus scanner automatically switched on; it made a scan and asked me to remove what was found by "avast anti-virus", and I did. I don't know if that matters in the results, but perhaps it does, so I am telling you anyway.

Greetz,

Rick.
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 2nd, 2008, 2:46 am

Hi Rick

Logs look good, but let's run one online scan to be sure.

PANDA ONLINE SCAN
Place a shortcut to Panda ActiveScan on your desktop.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 7th, 2008, 1:46 pm

Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by rickrogf*kmalware » July 7th, 2008, 5:22 pm

I'm sorry, but I had to work very long days so I had no time to reply. I've tried the Panda scan, but avast says it is a worm and trojan and it won't open...

greetz,
Rick
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 9th, 2008, 6:05 am

Hi Rick

We must disable avast! before you start the Panda scan, by doing the following:

Right click on the avast! icon in the system tray and choose Stop On-Access Protection.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by rickrogf*kmalware » July 10th, 2008, 4:14 pm

I've done that and I have run the scan, but then it says that I don't have a virus scanner and that I should get one...
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 12th, 2008, 3:30 am

Hi Rick

i don't have a virus scanner and that i should get one


Your avast! Antivirus was disabled......

Enabling avast! Antivirus is just as simple. Do the following:

In the bottom, right-hand corner of your Desktop is the System Tray and, within it, the avast! Antivirus icon.

Right click the avast! Antivirus icon and select Start avast! Antivirus from the menu.

avast! Antivirus is now enabled.

Please post the contents of the Panda scan report, along with a new HijackThis Log.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by rickrogf*kmalware » July 12th, 2008, 11:27 pm

I tried to tell you: when I have avast on, it can't open because avast blocks it, and if I turn avast off, the scan tells me to get a virus scanner.
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 14th, 2008, 2:54 pm

Hi Rick

Let's run another online scan...

Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 19th, 2008, 7:45 am

Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: HELP! Please, with my HijackThis Log File.

Post by rickrogf*kmalware » July 19th, 2008, 4:38 pm

Yes, but I don't get it. Since I tried to do the Panda scan and turned avast off for a few minutes to do the scan, the computer has slowed up again. This is my new HijackThis log since the Panda check:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:09, on 19-7-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 6056 bytes


Greetz,
Rick
rickrogf*kmalware
Active Member
 
Posts: 14
Joined: June 22nd, 2008, 11:46 pm

Re: HELP! Please, with my HijackThis Log File.

Post by peku006 » July 20th, 2008, 4:29 am

Hi Rick

1 - Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

2 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

3 - Status Check
Please reply with

1. the Eset NOD32 online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway