Can someone help me, pls? None of the spyware, malware, or virus removers have found anything.
The problem is that when I'm working @ home, my Internet connection hardly works.
When I look at my netstat, I see that my services.exe takes all TCP connections.
When removing these connections, new ones are popping up...!!
When I work at my office, this phenomenon doesn't appear to happen (probably the company blocks the used ports).
I'll send a hijack log file.
Can someone pls look at this?
Thnx.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:46, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\bmwebcfg.exe
C:\Program Files\AGFA\Agfa VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINNT\system32\nvsvc32.exe
D:\oracle\product\9.2.0\db_1\BIN\TNSLSNR.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\system32\mqtgsvc.exe
C:\Program Files\NetInst\NiAiServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\WLTRAY.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\stsystra.exe
C:\Program Files\AGFA\AgfaNiAgent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
D:\Profiles\awgcg\LOCALS~1\Temp\UnlockerAssistant.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\vVX3000.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AWGCG.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.agfanet/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ICS 071120 (proxy.ict)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-pac.ict...2/ie-config.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ict:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Smartpipes.Net;*.esm.uu.Net;*.Xapps.ops.us.uu.net;*.Worldcom.Net;*.mci.Net;pbk.mci.com;esmws1.mci.Com;192.168.*.*;10.*.*.*;<local>
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: (no name) - {85A611CA-CA0F-469B-8220-B70221A545BB} - (no file)
O2 - BHO: Swodum Proxy Toolbar Helper - {D85A260B-4A52-4498-85F4-682BACB5EEBB} - C:\PROGRA~1\Swodum\PROXYT~1\swprxie.dll
O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - d:\Program Files\HttpWatch\httpwatchsc.dll
O3 - Toolbar: Swodum Proxy Toolbar - {A86B2D27-3653-46B1-8FB5-644FCEF56D14} - C:\PROGRA~1\Swodum\PROXYT~1\swprxie.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AgfaNiAgnt] "C:\Program Files\AGFA\AgfaNiAgent.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Profiles\awgcg\LOCALS~1\Temp\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINNT\vVX3000.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ReleaseManager] \\10.233.84.54\Orbis_Sync\releasemanager\ReleaseManager.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINNT\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Bginfo.lnk = C:\Program Files\AGFA\Bginfo.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - d:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - d:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intra.agfanet
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210921813125
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink Edit Control) - https://livelink.mit...edit/lledit.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.local
O17 - HKLM\Software\..\Telephony: DomainName = emea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = emea.local,local,imz.local,be.local,imz.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = emea.local,local,be.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = emea.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = emea.local,local,be.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = emea.local,local,be.local
O18 - Protocol: qpic - {F20816C2-B39E-47C5-95A4-94A5E6D172C7} - d:\PROGRA~1\QUESTS~1\PERFOR~1\Oracle\QUESTA~1\qpic.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O22 - SharedTaskScheduler: hyperproduction - {9d19a1a9-3cdf-4f15-a5ca-ea3905febded} - (no file)
O23 - Service: AGFARISWinSockLayer_HL7ORU - AGFA Healthcare Connectivity Gent - d:\agfa\interfaces\bin\agfawinsocklayer.exe
O23 - Service: AGFARISWinSockLayer_XMLORD - AGFA Healthcare Connectivity Gent - d:\agfa\interfaces\bin\agfawinsocklayer.exe
O23 - Service: AGFARISWinSockLayer_XMLORU - AGFA Healthcare Connectivity Gent - d:\agfa\interfaces\bin\agfawinsocklayer.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\system32\bmwebcfg.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\AGFA\Agfa VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NetInstall Service (NIAIServ) - enteo Software GmbH - C:\Program Files\NetInst\NiAiServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NetInstall Executive (NiExServ) - enteo Software GmbH - C:\Program Files\NetInst\NiExServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOracle_Home920Agent - Oracle Corporation - D:\oracle\product\9.2.0\db_1\bin\agntsrvc.exe
O23 - Service: OracleOracle_Home920ClientCache - Unknown owner - D:\oracle\product\9.2.0\db_1\BIN\ONRSD.EXE
O23 - Service: OracleOracle_Home920SNMPPeerEncapsulator - Unknown owner - D:\oracle\product\9.2.0\db_1\BIN\ENCSVC.EXE
O23 - Service: OracleOracle_Home920SNMPPeerMasterAgent - Unknown owner - D:\oracle\product\9.2.0\db_1\BIN\AGNTSVC.EXE
O23 - Service: OracleOracle_Home920TNSListener - Unknown owner - D:\oracle\product\9.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceHIS - Oracle Corporation - d:\oracle\product\9.2.0\db_1\bin\ORACLE.EXE
O23 - Service: QAM Launcher 3566 (QuestLauncher3566) - Quest Software, Inc. - D:\Program Files\Quest Software\Performance Analysis Server\agents\bin\quest_launcher.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
--
End of file - 14368 bytes