Anoniem2, posted 13 December 2009

It happened to me too. The same trojan.
Should I open a new topic, or will it be seen here as well?

This log file appears in Hijack:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:36:25, on 13-12-2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\messengerservice.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\keymap.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\appsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ONLINE-TV Toolbar - {a8baaddd-ab98-4cdb-84cc-3c9ed9f38d1e} - C:\Program Files\ONLINE-TV\tbONL1.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [dlrblckr.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe"
O4 - HKLM\..\Run: [skypeclient.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe"
O4 - HKLM\..\Run: [messengerservice.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\messengerservice.exe"
O4 - HKLM\..\Run: [keymap.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\keymap.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe

--
End of file - 9456 bytes

Who can help me.......?
Regards, Jacco.

Anoniem2 (author), posted 16 December 2009

For lack of replies, I went for the ultimate solution after all: format c:

Good luck to this forum. Although I was not helped (why not?), I have seen that plenty of good things happen here. Adieu!