Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:47, on 20-6-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.ubvu.vu.nl/ubvu.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 194.165.4.145 egggg.com
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 www.ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 www.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 myonlineaccounts3.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts3.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 bcol.barclaycard.co.uk
O1 - Hosts: 82.146.46.170 www.bcol.barclaycard.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 www.mbna.co.uk
O1 - Hosts: 82.146.46.170 cardsonline-consumer.com
O1 - Hosts: 82.146.46.170 www.cardsonline-consumer.com
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 www.citibank.co.uk
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 www.firstdirect.com
O1 - Hosts: 82.146.46.170 halifax-online.co.uk
O1 - Hosts: 82.146.46.170 www.halifax-online.co.uk
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 www.online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 moneybookers.com
O1 - Hosts: 82.146.46.170 www.moneybookers.com
O1 - Hosts: 82.146.46.170 olb2.nationet.com
O1 - Hosts: 82.146.46.170 www.olb2.nationet.com
O1 - Hosts: 82.146.46.170 online.sainsburysbank.co.uk
O1 - Hosts: 82.146.46.170 www.online.sainsburysbank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 home.americanexpress.com
O1 - Hosts: 82.146.46.170 www.home.americanexpress.com
O1 - Hosts: 194.165.4.145 eggbank.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 14787 bytes