ComboFix 10-04-19.05 - Marjolijn 20-04-2010 12:05:32.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.535
Gestart vanuit: c:\documents and settings\Marjolijn\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marjolijn\Bureaublad\CFScript.txt
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MARJOL~1\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Marjolijn\Local Settings\temp\IadHide4.dll
c:\documents and settings\Marjolijn\mdsys.s
c:\documents and settings\Marjolijn\mdusys.s
c:\documents and settings\Marjolijn\winbrd.jpg
c:\documents and settings\Nijenhuis\Local Settings\Application Data\AskToolbar
c:\documents and settings\Nijenhuis\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\Nijenhuis\Local Settings\Application Data\AskToolbar\config.xml
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar\config.xml
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar\Downloaded Program Files\LimeWire.dll
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar\Downloaded Program Files\LimeWire.inf
c:\documents and settings\Silke\Local Settings\Application Data\AskToolbar\limewire.cab
c:\documents and settings\Silke\mdsys.s
c:\documents and settings\Silke\mdusys.s
c:\documents and settings\Silke\winbrd.jpg
c:\program files\Ask.com
c:\program files\Ask.com\btn_search.png
c:\program files\Ask.com\limewire_logo.png
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))))
.
2010-04-16 17:05 . 2010-04-16 17:05 ——– d—–w- c:\program files\Trend Micro
2010-04-13 12:45 . 2010-04-13 12:45 503808 —-a-w- c:\documents and settings\Silke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e492f2b-n\msvcp71.dll
2010-04-13 12:45 . 2010-04-13 12:45 499712 —-a-w- c:\documents and settings\Silke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e492f2b-n\jmc.dll
2010-04-13 12:45 . 2010-04-13 12:45 348160 —-a-w- c:\documents and settings\Silke\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e492f2b-n\msvcr71.dll
2010-04-13 12:45 . 2010-04-13 12:45 61440 —-a-w- c:\documents and settings\Silke\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76c60fd4-n\decora-sse.dll
2010-04-13 12:45 . 2010-04-13 12:45 12800 —-a-w- c:\documents and settings\Silke\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76c60fd4-n\decora-d3d.dll
2010-04-06 16:13 . 2010-04-06 16:13 664 —-a-w- c:\windows\system32\d3d9caps.dat
2010-04-05 13:10 . 2010-04-12 17:51 ——– d—–w- c:\documents and settings\Silke\Application Data\LimeWire
2010-04-05 12:45 . 2010-04-05 12:45 ——– d—–w- c:\documents and settings\Silke\Local Settings\Application Data\Apple
2010-04-05 12:43 . 2010-04-05 12:43 ——– d—–w- c:\documents and settings\Silke\Application Data\Apple Computer
2010-03-31 10:12 . 2010-03-31 10:12 503808 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ef0537f-n\msvcp71.dll
2010-03-31 10:12 . 2010-03-31 10:12 499712 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ef0537f-n\jmc.dll
2010-03-31 10:12 . 2010-03-31 10:12 348160 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ef0537f-n\msvcr71.dll
2010-03-31 10:12 . 2010-03-31 10:12 61440 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c465be1-n\decora-sse.dll
2010-03-31 10:12 . 2010-03-31 10:12 12800 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c465be1-n\decora-d3d.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 10:12 . 2008-08-05 12:47 ——– d—–w- c:\program files\Norman
2010-04-13 13:55 . 2009-05-05 17:50 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 13:05 . 2008-10-11 13:25 ——– d—–w- c:\program files\LimeWire
2010-04-05 10:58 . 2010-01-18 19:40 ——– d—–w- c:\documents and settings\Silke\Application Data\Skype
2010-04-05 10:55 . 2009-01-21 12:07 ——– d—–w- c:\documents and settings\Marjolijn\Application Data\Skype
2010-04-05 10:15 . 2009-01-21 12:10 ——– d—–w- c:\documents and settings\Marjolijn\Application Data\skypePM
2010-04-05 08:59 . 2010-01-18 19:48 ——– d—–w- c:\documents and settings\Silke\Application Data\skypePM
2010-03-31 16:16 . 2009-05-05 17:51 5918775 —-a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 10:12 . 2008-09-19 18:41 ——– d—–w- c:\program files\Common Files\Java
2010-03-31 10:11 . 2008-09-19 18:42 ——– d—–w- c:\program files\Java
2010-03-30 14:32 . 2008-09-24 13:06 ——– d—–w- c:\documents and settings\Marjolijn\Application Data\Canon
2010-03-29 22:46 . 2009-05-05 17:50 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-05-05 17:50 20824 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 11:43 . 2004-08-04 12:00 533928 —-a-w- c:\windows\system32\perfh013.dat
2010-03-28 11:43 . 2004-08-04 12:00 100060 —-a-w- c:\windows\system32\perfc013.dat
2010-03-27 09:25 . 2008-10-11 13:25 ——– d—–w- c:\documents and settings\Marjolijn\Application Data\LimeWire
2010-03-24 20:16 . 2009-02-19 20:30 ——– d—–w- c:\documents and settings\Nijenhuis\Application Data\Belastingdienst
2010-03-16 16:05 . 2010-03-16 16:05 323584 —-a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\7FF925F91B164F79B5B60CF131390434\swt-win32-3232.dll
2010-03-10 06:17 . 2008-04-14 20:32 420352 —-a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-10-26 11:39 411368 —-a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:20 . 2008-04-14 20:32 916480 —-a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 22:47 455680 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:09 . 2008-04-14 20:11 2150912 —-a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2008-04-14 22:11 2029056 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-17 18:38 293376 ——w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2008-04-14 20:32 100864 —-a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 22:30 226880 —-a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-03 17:38 . 2010-02-03 17:38 152576 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-03 17:38 . 2010-02-03 17:38 79488 —-a-w- c:\documents and settings\Marjolijn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
——- Sigcheck ——-
2008-07-01 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe”
“LDM”=“c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe”
“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe”
“NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe”
“HPDJ Taskbar Utility”=“c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe”
“Omnipage”=“c:\program files\ScanSoft\OmniPageSE\opware32.exe”
“Norman ZANDA”=“c:\program files\Norman\Npm\Bin\ZLH.EXE”
“hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”
“mmtask”=“c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe”
“MMTray”=“c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe”
“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE”
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe”
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Image Monitor.lnk - c:\program files\Digital Image\Monitor.exe
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll”
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
“EnableFirewall”= 0 (0x0)
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\LimeWire\\LimeWire.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe”=
“c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
P2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\NPF\bin\npfsvc32.exe
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe
S3 NVCScheduler;Norman Virus Control Scheduler;“c:\program files\Norman\Npm\Bin\Nvcsched.exe” –> c:\program files\Norman\Npm\Bin\Nvcsched.exe
— Andere Services/Drivers In Geheugen —
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
domcootw
.
Inhoud van de ‘Gedeelde Taken’ map
2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
2010-04-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-04-20 c:\windows\Tasks\User_Feed_Synchronization-{E97E2088-9CB6-4D58-A6C6-4B1314348F0F}.job
- c:\windows\system32\msfeedssync.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.kpnvandaag.nl/#home
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: pcreview.co.uk\www
Trusted Zone: windowsupdate.com\download
.
**************************************************************************
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > ‘explorer.exe’(3156)
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Norman\Npm\Bin\Elogsvc.exe
c:\program files\Norman\Npm\Bin\zanda.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Norman\npf\bin\npfuser.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Norman\Nvc\Bin\Nip.exe
.
**************************************************************************
.
Voltooingstijd: 2010-04-20 12:16:25 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-20 10:16
ComboFix2.txt 2010-04-19 18:16
Pre-Run: 12.534.521.856 bytes beschikbaar
Post-Run: 12.505.182.208 bytes beschikbaar
- - End Of File - - 13323BAC28DA00F872C4C0A507E4DBD1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:00, on 20-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: “C:\Program Files\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: KHALMNPR.EXE
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)” -“http://www.spele.nl/game/rollende_knikker/harvey_wallbanger.html”
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.pcreview.co.uk
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
–
End of file - 11348 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:00, on 20-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: “C:\Program Files\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: KHALMNPR.EXE
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)” -“http://www.spele.nl/game/rollende_knikker/harvey_wallbanger.html”
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.pcreview.co.uk
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
–
End of file - 11348 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:00, on 20-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: “C:\Program Files\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: KHALMNPR.EXE
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)” -“http://www.spele.nl/game/rollende_knikker/harvey_wallbanger.html”
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.pcreview.co.uk
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
–
End of file - 11348 bytes
Hallo, 1x combolog en 3x hijack this.
Hopelijk wordt jij er nog wijs uit,
groeten Marjolijn
Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
