Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:33, on 2/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\VistaCodecPack\QT\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
Live Search:
FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
Live Search:
FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
Google
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
MSN.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
Live Search:
FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_S95F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Windows
&Live Favorites -
Add to Windows Live Favorites
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {05D44720-58E3-49E6-BDF6-
D00330E511D3} (StagingUI Object) -
MSN Games - Free Online Games
ngUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-
B5388FFDD0D8} (MSN Games – Buddy Invite) -
MSN Games - Free Online Games
dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-
989993B5D08B} (OnlineScanner Control) -
Eset - Antivirus Software NOD32.
cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-
917ABDD035B3} (ZonePAChat Object) -
MSN Games - Free Online Games
hat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-
CC0F21721616} (DivXBrowserPlugin Object) -
DivX Video Player - DivX Codec - DivX Converter - DivX Web Player - Download DivX for Windows
Plugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-
C771BB369937} (MSN Games – Game
Communicator) -
MSN Games - Free Online Games
xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-
4709194C2AD3} (CheckersZPA Object) -
MSN Games - Free Online Games
ckersZPA.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\Windows\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 11177 bytes
ik hoop dat het goe is zene