jeyjay

Heb alles gedaan wat daar stond kreeg nu dit kladblok. hopelijk kunnen jullie er iets mee. vr gr. Marcel Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:50:38, on 17-8-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: D:\Windows\System32\smss.exe D:\Windows\system32\csrss.exe D:\Windows\system32\wininit.exe D:\Windows\system32\csrss.exe D:\Windows\system32\services.exe D:\Windows\system32\lsass.exe D:\Windows\system32\lsm.exe D:\Windows\system32\winlogon.exe D:\Windows\system32\svchost.exe D:\Windows\system32\nvvsvc.exe D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe D:\Windows\system32\svchost.exe D:\Windows\System32\svchost.exe D:\Windows\System32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\System32\spoolsv.exe D:\Windows\system32\svchost.exe D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe D:\Windows\System32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe D:\Windows\system32\nvvsvc.exe D:\Windows\system32\taskhost.exe D:\Windows\system32\Dwm.exe D:\Windows\Explorer.EXE D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe D:\Windows\system32\msiexec.exe D:\Windows\system32\svchost.exe D:\Windows\system32\taskhost.exe D:\Windows\system32\WUDFHost.exe D:\Program Files\NVIDIA Corporation\Display\nvtray.exe D:\Windows\System32\svchost.exe D:\Program Files\Google\Google Talk\googletalk.exe D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe D:\Program Files\uTorrent\uTorrent.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Windows\system32\SearchIndexer.exe D:\Program Files\LogMeIn Hamachi\hamachi-2.exe D:\Program Files\Windows Media Player\wmpnetwk.exe D:\Windows\System32\svchost.exe D:\Windows\system32\wbem\wmiprvse.exe D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe D:\Windows\System32\svchost.exe D:\Windows\system32\DllHost.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Windows\system32\SearchProtocolHost.exe D:\Windows\system32\SearchFilterHost.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Windows\system32\vssvc.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe D:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = brapster.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:6588 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Groove GFS Browser Helper - {0C9E4455-5E8F-653A-21B6-7B016D096948} - D:\Windows\system32\mtxxoci.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - D:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - D:\Program Files\Softonic-Eng7\prxtbSof0.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - D:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: @D:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - "D:\Program Files\FlvTube Toolbar\flvtubetb.DLL" (file missing) O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - D:\Program Files\Softonic-Eng7\prxtbSof0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\prxConduitEngine.dll O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [uSBToolTip] D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Proxifier] "D:\Program Files\Proxifier\Proxifier.exe" aut O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Google Update] "D:\Users\Marcel\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1775380299-2571389633-3310154250-1009\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1775380299-2571389633-3310154250-1009\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @D:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - D:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @D:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @D:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - D:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - D:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll O10 - Unknown file in Winsock LSP: d:\windows\system32\prxernsp.dll O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll O10 - Unknown file in Winsock LSP: d:\windows\system32\prxerdrv.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.iamironman2.com/plugin/DFusionHomeWebPlugIn.Installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{3047713A-B65F-470D-8B9E-35408AAF6CBA}: NameServer = 4.2.2.3,4.2.2.2 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: TeknoGods.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\System32\DreamScene.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 14306 bytes PC Helpforum moderator bericht: Deze vraag werd afgesplitst van http://www.pc-helpforum.be/f167/trojan-backdoor-win32-cybot-b-31264/