MagisterMagic
21 December 2006, 18:13
Logfile of HijackThis v1.99.1
scan saved at 12:00:38, on 21/12/2006
platform: windows xp sp2 (winnt 5.01.2600)
msie: internet explorer v7.00 (7.00.5730.0011)
browser: Internet Explorer 7.0
ColorCoder Build: 4021a
Running Processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\telemeter 3.0\telemeter3.exe
c:\program files\java\jre1.5.0_09\bin\jusched.exe
c:\progra~1\grisoft\avgfre~1\avgcc.exe
c:\program files\messenger\msmsgs.exe
c:\windows\system32\rundll32.exe
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
c:\progra~1\grisoft\avgfre~1\avgemc.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\hijackthis\hijackthis.exe
(r0) - hkcu\software\microsoft\internet explorer\main,start page = h**p://www.google.be/
(r1) - hklm\software\microsoft\internet explorer\main,default_page_url = h**p://go.microsoft.com/fwlink/?linkid=69157
(r1) - hklm\software\microsoft\internet explorer\main,default_search_url = h**p://go.microsoft.com/fwlink/?linkid=54896
(r1) - hklm\software\microsoft\internet explorer\main,search page = h**p://go.microsoft.com/fwlink/?linkid=54896
(r0) - hklm\software\microsoft\internet explorer\main,start page = h**p://go.microsoft.com/fwlink/?linkid=69157
(r0) - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
(o2) - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
(o2) - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
(o2) - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o4) - HKLM\..\Run: [cmaudio] rundll32 cmicnfg.cpl,cmictrlwnd
(o4) - HKLM\..\Run: [chotkey] mhotkey.exe
(o4) - HKLM\..\Run: [messengerplus3] "c:\program files\messengerplus! 3\msgplus.exe"
(o4) - HKLM\..\Run: [telemeter 3.0] "c:\program files\telemeter 3.0\telemeter3.exe"
(o4) - HKLM\..\Run: [sunjavaupdatesched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
(o4) - HKLM\..\Run: [avg7_cc] c:\progra~1\grisoft\avgfre~1\avgcc.exe /startup
(o4) - HKLM\..\Run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
(o4) - HKCU\..\Run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
(o4) - HKCU\..\Run: [messengerplus3] "c:\program files\messengerplus! 3\msgplus.exe" /winstart
(o4) - HKCU\..\Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
(o4) - HKCU\..\Run: [nview] rundll32.exe nview.dll,nviewloadhook
(o8) - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
(o9) - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o9) - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o9) - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
(o9) - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
(o9) - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
(o9) - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
(o9) - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
(o11) - options group: [international] international*
(o16) - dpf: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (symantec antivirus scanner) - h**p://security.symantec.com/sscv6/sharedcontent/vc/bin/avsniff.cab
(o16) - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - h**p://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1163106783798
(o16) - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - h**p://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
(o16) - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - h**p://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1163110560484
(o16) - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} (java runtime environment 1.5.0) - h**p://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
(o16) - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - h**p://www.extrafilm.be/net/import/imageuploader3.cab
(o18) - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - "c:\progra~1\msnmes~1\msgrapp.dll" (file missing)
(o23) - Service: avast! iavs4 control service (aswupdsv) - unknown owner - c:\program files\alwil software\avast4\aswupdsv.exe (file missing)
(o23) - Service: avast! antivirus - unknown owner - c:\program files\alwil software\avast4\ashserv.exe (file missing)
(o23) - Service: avast! mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
(o23) - Service: avast! web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
(o23) - Service: avg7 alert manager server (avg7alrt) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
(o23) - Service: avg7 update service (avg7updsvc) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
(o23) - Service: avg e-mail scanner (avgems) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgemc.exe
(o23) - Service: nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
(o23) - Service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
(o23) - Service: pdagent - vso software - (no file)
(o23) - Service: pdengine - vso software - (no file)
(o23) - Service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
scan saved at 12:00:38, on 21/12/2006
platform: windows xp sp2 (winnt 5.01.2600)
msie: internet explorer v7.00 (7.00.5730.0011)
browser: Internet Explorer 7.0
ColorCoder Build: 4021a
Running Processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\telemeter 3.0\telemeter3.exe
c:\program files\java\jre1.5.0_09\bin\jusched.exe
c:\progra~1\grisoft\avgfre~1\avgcc.exe
c:\program files\messenger\msmsgs.exe
c:\windows\system32\rundll32.exe
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
c:\progra~1\grisoft\avgfre~1\avgemc.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\hijackthis\hijackthis.exe
(r0) - hkcu\software\microsoft\internet explorer\main,start page = h**p://www.google.be/
(r1) - hklm\software\microsoft\internet explorer\main,default_page_url = h**p://go.microsoft.com/fwlink/?linkid=69157
(r1) - hklm\software\microsoft\internet explorer\main,default_search_url = h**p://go.microsoft.com/fwlink/?linkid=54896
(r1) - hklm\software\microsoft\internet explorer\main,search page = h**p://go.microsoft.com/fwlink/?linkid=54896
(r0) - hklm\software\microsoft\internet explorer\main,start page = h**p://go.microsoft.com/fwlink/?linkid=69157
(r0) - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
(o2) - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
(o2) - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
(o2) - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o4) - HKLM\..\Run: [cmaudio] rundll32 cmicnfg.cpl,cmictrlwnd
(o4) - HKLM\..\Run: [chotkey] mhotkey.exe
(o4) - HKLM\..\Run: [messengerplus3] "c:\program files\messengerplus! 3\msgplus.exe"
(o4) - HKLM\..\Run: [telemeter 3.0] "c:\program files\telemeter 3.0\telemeter3.exe"
(o4) - HKLM\..\Run: [sunjavaupdatesched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
(o4) - HKLM\..\Run: [avg7_cc] c:\progra~1\grisoft\avgfre~1\avgcc.exe /startup
(o4) - HKLM\..\Run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
(o4) - HKCU\..\Run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
(o4) - HKCU\..\Run: [messengerplus3] "c:\program files\messengerplus! 3\msgplus.exe" /winstart
(o4) - HKCU\..\Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
(o4) - HKCU\..\Run: [nview] rundll32.exe nview.dll,nviewloadhook
(o8) - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
(o9) - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o9) - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
(o9) - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
(o9) - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
(o9) - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
(o9) - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
(o9) - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
(o11) - options group: [international] international*
(o16) - dpf: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (symantec antivirus scanner) - h**p://security.symantec.com/sscv6/sharedcontent/vc/bin/avsniff.cab
(o16) - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - h**p://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1163106783798
(o16) - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - h**p://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
(o16) - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - h**p://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1163110560484
(o16) - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} (java runtime environment 1.5.0) - h**p://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
(o16) - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - h**p://www.extrafilm.be/net/import/imageuploader3.cab
(o18) - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - "c:\progra~1\msnmes~1\msgrapp.dll" (file missing)
(o23) - Service: avast! iavs4 control service (aswupdsv) - unknown owner - c:\program files\alwil software\avast4\aswupdsv.exe (file missing)
(o23) - Service: avast! antivirus - unknown owner - c:\program files\alwil software\avast4\ashserv.exe (file missing)
(o23) - Service: avast! mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
(o23) - Service: avast! web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
(o23) - Service: avg7 alert manager server (avg7alrt) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
(o23) - Service: avg7 update service (avg7updsvc) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
(o23) - Service: avg e-mail scanner (avgems) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgemc.exe
(o23) - Service: nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
(o23) - Service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
(o23) - Service: pdagent - vso software - (no file)
(o23) - Service: pdengine - vso software - (no file)
(o23) - Service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe