Plz scan this hijack

Status
Not open for further replies.

Pimmemans

Member
Joined
16 Nov 2004
Posts
7
I'd like your view on this hijack.

Thanks in advance for a quick reply.

Logfile of HijackThis v1.98.2
Scan saved at 22:29:18, on 4-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Anvshell.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program Files\Norman Access Control Privacy\nrmenctb.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jaap-Willem\Mijn documenten\Programma's\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxvbroekkqh.com/FYBwcst9tfyeCLHjtg66Nt_RURelcJZksbSf9bkurrj/dxnnvLazDhj66ViPIbIX.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.chkmpspjifoezlodlplwy.com/FYBwcst9tfxY9l7ybXqE0rdHBWxjKDwBROz0r0J63Ak.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2887A654-EA42-158A-427B-3DE6A68CB0D0} - C:\DOCUME~1\Joke\APPLIC~1\REMOTE~1\Ref cdrom.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MyIEMonitorObject Object - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~2.DLL
O2 - BHO: (no name) - {734453F2-779C-11D2-1442-26006259281C} - C:\DOCUME~1\JAAP-W~1\APPLIC~1\REMOTE~1\Ref cdrom.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Dupe axis test - {C66B848D-6532-2294-D983-462D96EE5B25} - C:\PROGRA~1\REMOTE~1\fastinfo.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: ANWB Toolbar - {EBB03E3E-020A-418D-B322-761B730CA860} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
O3 - Toolbar: (no name) - {CC857241-7626-699A-FE24-2E0F1FCA6721} - C:\PROGRA~1\REMOTE~1\fastinfo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [FLSVCIPV] C:\WINDOWS\FLSVCIPV.exe
O4 - HKLM\..\Run: [FMSZDJQW] C:\WINDOWS\FMSZDJQW.exe
O4 - HKLM\..\Run: [MTZGQWAG] C:\WINDOWS\MTZGQWAG.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [styledrvthissettings] C:\Documents and Settings\All Users\Application Data\bytebinstyledrv\wait4.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Norman ACP] "C:\Program Files\Norman Access Control Privacy\nrmenctb.exe"
O4 - HKLM\..\Run: [SetupFilmFaceBalm] C:\Documents and Settings\All Users\Application Data\roamwebsetupfilm\DEBUGPROXY.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [wipe mfcd] C:\DOCUME~1\JAAP-W~1\APPLIC~1\ABOUTI~1\Coal Dead.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ANWB - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
O9 - Extra 'Tools' menuitem: ANWB-toolbar - {C180B365-AAB4-49c3-8E52-C37832A8C758} - C:\Program Files\ANWBToolbar\ANWBToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ftp://ftp.autodesk.com/pub/mapguide/viewer/mgaxctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C35772-1074-48B0-9F2F-4721204CC0D3}: NameServer = 212.45.33.3 212.45.32.3
 
Can one of you check the log above? The PC is very slow and there is an unwanted bar in IE.

Thanks in advance.
 
Hi Pimmemans,

1. Tick the following lines in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxvbroekkqh.com/FYBwcst9tfyeCLHjtg66Nt_RURelcJZksbSf9bkurrj/dxnnvLazDhj66ViPIbIX.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.chkmpspjifoezlodlplwy.com/FYBwcst9tfxY9l7ybXqE0rdHBWxjKDwBROz0r0J63Ak.htm

O2 - BHO: (no name) - {2887A654-EA42-158A-427B-3DE6A68CB0D0} - C:\DOCUME~1\Joke\APPLIC~1\REMOTE~1\Ref cdrom.exe
O2 - BHO: MyIEMonitorObject Object - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - C:\PROGRA~1\OPINIO~1\MYIEMO~2.DLL
O2 - BHO: (no name) - {734453F2-779C-11D2-1442-26006259281C} - C:\DOCUME~1\JAAP-W~1\APPLIC~1\REMOTE~1\Ref cdrom.exe

O2 - BHO: Dupe axis test - {C66B848D-6532-2294-D983-462D96EE5B25} - C:\PROGRA~1\REMOTE~1\fastinfo.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {CC857241-7626-699A-FE24-2E0F1FCA6721} - C:\PROGRA~1\REMOTE~1\fastinfo.dll (file missing)

O4 - HKLM\..\Run: [FLSVCIPV] C:\WINDOWS\FLSVCIPV.exe
O4 - HKLM\..\Run: [FMSZDJQW] C:\WINDOWS\FMSZDJQW.exe
O4 - HKLM\..\Run: [MTZGQWAG] C:\WINDOWS\MTZGQWAG.exe
O4 - HKLM\..\Run: [styledrvthissettings] C:\Documents and Settings\All Users\Application Data\bytebinstyledrv\wait4.exe
O4 - HKLM\..\Run: [SetupFilmFaceBalm] C:\Documents and Settings\All Users\Application Data\roamwebsetupfilm\DEBUGPROXY.exe
O4 - HKCU\..\Run: [wipe mfcd] C:\DOCUME~1\JAAP-W~1\APPLIC~1\ABOUTI~1\Coal Dead.exe

2. Close all other windows and browsers, and click the "Fix Checked" button.

3. Reboot into Safe Mode.
Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

4. Go to Windows Explorer (right-click Start - Explore). Find and delete the following:
Folders:
C:\Documents and Sett\Joke\Application Data\REMOTE...
C:\Documents and Sett\JAAP-W~1\APPLIC~1\REMOTE....
C:\PROGRA~1\Opinionbar
C:\Documents and Settings\All Users\Application Data\bytebinstyledrv
C:\Documents and Settings\All Users\Application Data\roamwebsetupfilm
C:\Documents and Settings\JAAP-W~1\Application Data\ABOUTI...

Files:
C:\WINDOWS\FLSVCIPV.exe
C:\WINDOWS\FMSZDJQW.exe
C:\WINDOWS\MTZGQWAG.exe

5. Reboot into normal mode, make a new log with HijackThis, and post it here :)
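Added example, not part of this thread and not HijackThis's own logic: a small Python triage script that applies the same reasoning the reply above uses by hand to R0/R1, O2, O3 and O4 lines. The rules are my own heuristics (a long hostname label with few vowels, a BHO whose "DLL" is really an .exe, an orphaned "(file missing)"/"(no file)" entry, an eight-capital-letter name sitting directly in C:\WINDOWS, an autorun executable living under Application Data); the threshold values are assumptions, and the sample lines are copied from the log posted above, so the script runs offline.

```python
"""Heuristic triage of HijackThis (v1.9x) log lines. Added example, not from the thread."""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the log in this thread (HijackThis 1.98 format).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cxvbroekkqh.com/FYBwcst9tfyeCLHjtg66Nt_RURelcJZksbSf9bkurrj/dxnnvLazDhj66ViPIbIX.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2887A654-EA42-158A-427B-3DE6A68CB0D0} - C:\DOCUME~1\Joke\APPLIC~1\REMOTE~1\Ref cdrom.exe
O2 - BHO: Dupe axis test - {C66B848D-6532-2294-D983-462D96EE5B25} - C:\PROGRA~1\REMOTE~1\fastinfo.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLSVCIPV] C:\WINDOWS\FLSVCIPV.exe
O4 - HKLM\..\Run: [styledrvthissettings] C:\Documents and Settings\All Users\Application Data\bytebinstyledrv\wait4.exe
O4 - HKCU\..\Run: [wipe mfcd] C:\DOCUME~1\JAAP-W~1\APPLIC~1\ABOUTI~1\Coal Dead.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
# Eight random capitals directly in C:\WINDOWS, like FLSVCIPV.exe above (heuristic).
RANDOM_WINDIR_RE = re.compile(r"^C:\\WINDOWS\\[A-Z]{8}\.exe$")
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)


def looks_random(label: str) -> bool:
    """Crude randomness test: a long label with very few vowels (assumed threshold)."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(letters) < 10:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.3


def triage(log_text: str) -> list:
    """Return (rule, line) pairs for every entry that trips one of the heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1") and " = " in body:
            # Start/search page hijack: hostname made of random letters.
            value = body.split(" = ", 1)[1]
            host = urlparse(value).hostname or ""
            if any(looks_random(label) for label in host.split(".")):
                findings.append(("IE start/search page points at random-looking host", line))
        elif kind in ("O2", "O3"):
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("(file missing)") or target == "(no file)":
                findings.append(("orphaned browser extension entry", line))
            elif target.lower().endswith(".exe"):
                # A Browser Helper Object is a COM DLL; an .exe here is not legitimate.
                findings.append(("BHO registered as an .exe instead of a DLL", line))
        elif kind == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # Global Startup entries are not checked here
            e = EXE_RE.match(r.group("cmd"))
            exe = e.group("exe") if e else r.group("cmd")
            if RANDOM_WINDIR_RE.match(exe):
                findings.append(("random 8-letter name in C:\\WINDOWS root", line))
            elif APPDATA_RE.search(exe):
                findings.append(("autorun executable living under Application Data", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

On the sample above this flags seven entries, which are exactly the R1, O2, O3 and O4 lines the reply tells the poster to tick; the Acrobat BHO, NeroCheck and QuickTime entries pass. The heuristics are deliberately loose: a benign vendor with an odd hostname or a legitimate tool that installs itself under Application Data would also be flagged, so treat the output as a list of things to look at, not as a verdict.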
 