
trojan vundo


  • trojan vundo

    Dear people, since yesterday I have been having trouble with trojan vundo,
    and since today I can no longer download anything from sites such as cc cleaner etc...
    Also in Hotmail: as soon as I open Hotmail I get an error message from Internet Explorer.

    I hope someone can help me.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:29:21, on 30-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\RTHDCPL.EXE
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7752 bytes


    I hope you can do something with this. Thanks in advance.
    Last edited by donarfan1987; 30-03-08, 14:53.

  • #2
    sorry

    Sorry for doing it this way; I couldn't see a button anywhere to edit your post, so that's why I'm doing it like this.

    But to come back to my post: my PC can download again now, but Hotmail still gives the error etc....


    • #3
      I don't actually see any traces of infections.

      Do this first:
      Download Malwarebytes' Anti-Malware to your desktop.
      Double-click mbam-setup.exe and choose "Next" to install the tool.
      When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
      Then press "Finish".
      In the main screen, choose the "Scanner" tab and select the "Perform full scan" radio button.
      Press the "Scan" button and make sure all your hard disks/partitions are ticked.
      Then press the "Start Scan" button.
      When the scan is complete, click OK, then "Show Results" to see the results.
      Make sure everything is ticked, then click "Remove Selected".
      If the program wants to restart your computer, allow it.
      A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
      Post this log in your next message.


      • #4
        I did exactly what you said; here is my log file.



        Malwarebytes' Anti-Malware 1.09
        Database versie: 569

        Scan type: Volledige Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|)
        Objecten gescand: 135174
        Verstreken tijd: 46 minute(s), 50 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 3
        Registerwaarden geïnfecteerd: 0
        Registerdata bestanden geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 5

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registersleutels geïnfecteerd:
        HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550o (Rootkit.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registerdata bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Mappen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Bestanden geïnfecteerd:
        C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP55\A0013491.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP55\A0013493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP58\A0014316.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP58\A0014318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP61\A0015482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


        • #5
          It was in your System Restore; do this:

          Turn System Restore off. Restart the computer. Turn System Restore back on.
          Look here for how to turn off your System Restore.
          This removes any remnants of the infections from your System Restore.

          Also do this:


          Tell me whether there are still problems.
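
Added example, not part of the original thread and not written by any of its participants: a Python script that parses the detection lines of the Malwarebytes log from post #4 and separates items found inside System Restore snapshots (`_restore{...}\RPnn`) from registry and live-file findings. The function names and the location labels are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Detection lines copied from the Malwarebytes log in post #4 of this thread,
# plus one "nothing found" line to show that non-detection lines are skipped.
SAMPLE_LOG = r"""
(Geen kwaadaardige items gevonden)
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550o (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP55\A0013491.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP55\A0013493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP58\A0014316.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP58\A0014318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D212A23-FD97-4094-A6D2-566980BC5C21}\RP61\A0015482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Every detection line has the shape "<item> (<Family.Name>) -> <action>".
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[\w.]+)\) -> (?P<action>.+)$")

# Windows XP System Restore snapshot path:
#   \System Volume Information\_restore{GUID}\RPnn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def parse_detections(log_text):
    """Return one dict per detection line; other lines are ignored."""
    detections = []
    for raw in log_text.splitlines():
        match = DETECTION.match(raw.strip())
        if not match:
            continue
        item = match["item"]
        snapshot = RESTORE_POINT.search(item)
        if item.upper().startswith("HKEY_"):
            location = "registry"
        elif snapshot:
            location = "restore-point"
        else:
            location = "live-file"
        detections.append({
            "item": item,
            "family": match["family"],
            "action": match["action"],
            "location": location,
            "restore_point": snapshot.group(1).upper() if snapshot else None,
        })
    return detections


def group_by_location(detections):
    """Group detections under 'registry', 'restore-point' or 'live-file'."""
    groups = defaultdict(list)
    for det in detections:
        groups[det["location"]].append(det)
    return dict(groups)


def restore_points(detections):
    """Count detections per System Restore snapshot (RPnn)."""
    return dict(Counter(d["restore_point"] for d in detections if d["restore_point"]))


def outside_restore_points(detections):
    """Detections that purging System Restore would not have touched."""
    return [d for d in detections if d["location"] != "restore-point"]


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for location, items in group_by_location(found).items():
        print(f"{location}: {len(items)}")
        for det in items:
            print(f"  {det['family']:<18} {det['item']}")
    print("snapshots:", restore_points(found))
```

On this log, all five file detections sit in snapshots RP55, RP58 and RP61, while the three registry detections were in the live registry.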


          • #6
            I turned System Restore off,
            restarted and turned System Restore on again, but still, as soon as I get into Hotmail it reports an error.
            But also before I had Internet Explorer 7, which I downloaded today, I had the other version, and there I had the same error too.

            I'll let that malware scan run again for a bit and see whether I get those trojan vundo errors etc. again...

            I hope this is solved soon, because it is really irritating to work like this.

            But in any case, thanks for your help.
            Last edited by donarfan1987; 31-03-08, 00:49.


            • #7
              Try this IEfix:

              Download it and double-click to run it. When asked about the internet protocols, click No.


              • #8
                No, unfortunately that doesn't work either; I still get the same internet error.


                • #9
                  Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
                  • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                    In the window that opens, click the icon with the double green check mark (check all) at the bottom.
                    Then click "GO" and let the tool reset all settings.
                    When it has finished, close this window by clicking "Exit" at the bottom.


                  • #10
                    I let that program run, but I don't think it works either, because I still have the same error.


                    This is the error it gives at Hotmail and at some sites such as Hyves:
                    [Image: fout.jpg]
                    And before that it of course says "in internet explorer is een fout opgetreden en moet worden afgesloten. onze excuses voor dit ongemak." (Internet Explorer has encountered an error and needs to close. We apologize for this inconvenience.)
                    And below that message there are "rapport verzenden" (send report) and "niet verzenden" (don't send).

                    But it also says: if you want to view the contents of this error report,
                    click here. And when I do that, this appears (see picture).
                    Last edited by donarfan1987; 31-03-08, 22:14.


                    • #11
                      Does uninstalling and reinstalling Internet Explorer not help either?

                      Try this: Put your Windows installation CD in your CD-ROM drive, go to Start - Run, type cmd there, press ENTER, then type sfc /scannow in the CMD window and press Enter. Missing or corrupt files are now searched for and replaced.


                      • #12
                        No, unfortunately that didn't work either.

                        I also have the impression that my PC has become a lot slower with games,
                        because I was just playing The Sims 2 and it wasn't running as it should.


                        • #13
                          Download FixWareout from:
                          (http://downloads.subratam.org/Fixwareout.exe)

                          Save it to your desktop and double-click Fixwareout.exe. First click Next and then Install. Then check that Run fixit is ticked and click Finish. Then let the fix do its work.
                          You will be asked to restart the computer; do so. Your computer may take longer to start up than usual; this is normal.

                          Note! If your antivirus has a script blocker, you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.

                          After restarting, post the contents of the log that you can find here: C:\fixwareout\report.txt, and also post a new HijackThis log.


                          • #14
                            OK, I did what you said.

                            This is from the program you mentioned:

                            Username "martien hemel" - 03-04-2008 13:21:43 [Fixwareout edited 9/01/2007]

                            ~~~~~ Prerun check

                            De DNS-omzettingscache is leeggemaakt.


                            System was rebooted successfully.

                            ~~~~~ Postrun check
                            HKLM\SOFTWARE\~\Winlogon\ "System"=""
                            ....
                            ....
                            ~~~~~ Misc files.
                            ....
                            ~~~~~ Checking for older varients.
                            ....

                            ~~~~~ Current runs (hklm hkcu "run" Keys Only)
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
                            "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
                            "nwiz"="nwiz.exe /install"
                            "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
                            "RTHDCPL"="RTHDCPL.EXE"
                            "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
                            "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
                            "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
                            "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
                            "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
                            "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
                            "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
                            "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
                            "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
                            "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
                            "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
                            "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
                            "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
                            "DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
                            "DAEMON Tools Pro Agent"="\"C:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe\" -autorun"
                            ....
                            Hosts file was reset, If you use a custom hosts file please replace it...
                            ~~~~~ End report ~~~~~


                            And this is from HijackThis:


                            Logfile of HijackThis v1.99.1
                            Scan saved at 13:26:42, on 3-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16608)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            c:\program files\mcafee.com\agent\mcdetect.exe
                            c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                            c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                            c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
                            C:\WINDOWS\system32\nvsvc32.exe
                            C:\WINDOWS\system32\svchost.exe
                            c:\program files\mcafee.com\vso\mcvsshld.exe
                            c:\progra~1\mcafee.com\vso\mcvsescn.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\WINDOWS\system32\RunDLL32.exe
                            C:\WINDOWS\RTHDCPL.EXE
                            C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\WINDOWS\system32\LVCOMSX.EXE
                            C:\Program Files\Logitech\Video\LogiTray.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Logitech\Video\FxSvr2.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Documents and Settings\martien hemel\Bureaublad\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
                            O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                            O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                            O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                            O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                            O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                            O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
                            O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                            O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                            O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                            O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                            O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O11 - Options group: [INTERNATIONAL] International*
                            O11 - Options group: [TABS] Tabbed Browsing
                            O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
                            O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                            O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
                            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
                            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                            O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                            O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                            O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


                            • #15
                              Sorry, that HijackThis log was from the old version of HijackThis; this is version 2.


                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 13:28:03, on 3-4-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\WINDOWS\system32\spoolsv.exe
                              c:\program files\mcafee.com\agent\mcdetect.exe
                              c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                              c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                              c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
                              C:\WINDOWS\system32\nvsvc32.exe
                              C:\WINDOWS\system32\svchost.exe
                              c:\program files\mcafee.com\vso\mcvsshld.exe
                              c:\progra~1\mcafee.com\vso\mcvsescn.exe
                              C:\WINDOWS\system32\wuauclt.exe
                              C:\WINDOWS\system32\RunDLL32.exe
                              C:\WINDOWS\RTHDCPL.EXE
                              C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\WINDOWS\system32\LVCOMSX.EXE
                              C:\Program Files\Logitech\Video\LogiTray.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Logitech\Video\FxSvr2.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                              R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
                              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                              O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                              O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                              O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                              O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                              O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
                              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                              O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                              O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
                              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                              O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                              O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                              O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                              O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                              O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

                              --
                              End of file - 7108 bytes
