HijackThis log

Anonymous
trikkie200
8 replies
  • Hi,

    Can someone please help me?
    I constantly get the message "you have a security problem" and I get a lot of pop-ups.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:34:29, on 21/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    L:\WINDOWS\System32\smss.exe
    L:\WINDOWS\system32\winlogon.exe
    L:\WINDOWS\system32\services.exe
    L:\WINDOWS\system32\lsass.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\system32\svchost.exe
    L:\WINDOWS\System32\svchost.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\system32\spoolsv.exe
    L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    L:\WINDOWS\system32\CTsvcCDA.EXE
    L:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    L:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    L:\WINDOWS\Explorer.EXE
    l:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    l:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    L:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    L:\Program Files\McAfee\MPF\MPFSrv.exe
    L:\Program Files\McAfee\MSK\MskSrver.exe
    L:\WINDOWS\system32\PnkBstrA.exe
    L:\WINDOWS\system32\svchost.exe
    L:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    L:\WINDOWS\system32\gsicon.exe
    L:\WINDOWS\system32\dslagent.exe
    L:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    L:\WINDOWS\system32\RunDll32.exe
    L:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    L:\Program Files\Real\RealPlayer\RealPlay.exe
    L:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    L:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    L:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    L:\WINDOWS\system32\hphmon05.exe
    L:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    L:\PROGRA~1\McAfee\MHN\McENUI.exe
    L:\Program Files\iTunes\iTunesHelper.exe
    L:\WINDOWS\system32\ctfmon.exe
    L:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    L:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    L:\Program Files\Steam\Steam.exe
    L:\Program Files\GameSpy\Comrade\Comrade.exe
    L:\Program Files\TomTom HOME 2\HOMERunner.exe
    L:\Program Files\Logitech\SetPoint\SetPoint.exe
    L:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
    L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    L:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    L:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    L:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    L:\Program Files\iPod\bin\iPodService.exe
    L:\WINDOWS\system32\HPZipm12.exe
    L:\WINDOWS\System32\svchost.exe
    L:\WINDOWS\system32\wuauclt.exe
    L:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    L:\Program Files\Outlook Express\msimn.exe
    L:\Program Files\Messenger\msmsgs.exe
    L:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\DOCUME~1\Trikkie\LOCALS~1\Temp\video232.cfg
    L:\DOCUME~1\Trikkie\LOCALS~1\Temp\b.exe
    l:\PROGRA~1\mcafee\msc\mcshell.exe
    L:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    l:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    L:\WINDOWS\system32\taskmgr.exe
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Tools1_gekocht_gedownload\security\HiJackThis.exe
    L:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - l:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - L:\WINDOWS\system32\msxml71.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - L:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [HP Software Update] "L:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] L:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PCMService] "L:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] L:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] L:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "L:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] L:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] L:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE L:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE L:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [StartCCC] "L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [mcagent_exe] L:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] L:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Antivirus] L:\Program Files\SAV\sav.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] L:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [Creative Detector] L:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Steam] "L:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Comrade.exe] L:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "L:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [Antivirus] L:\Program Files\SAV\sav.exe
    O4 - HKCU\..\Run: [Somefox] L:\DOCUME~1\Trikkie\LOCALS~1\Temp\video232.cfg.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = L:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Logitech SetPoint.lnk = L:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = L:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - L:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163863897156
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - L:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - L:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - L:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - L:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - L:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - L:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - l:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - l:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - L:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - L:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - L:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - L:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - L:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - L:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 11797 bytes

  • Hi,

    Please take the following steps to solve this little problem.

    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following boxes are checked:
      - Update MalwareBytes' Anti-Malware
      - Start MalwareBytes' Anti-Malware
    Then click "Voltooien".
    If an update is found, it will be downloaded and installed.
      - Once the program has started, go to the "Instellingen" tab.
      - Check this option there: "Sluit Internet Explorer tijdens verwijdering van malware".
      - Then go to the "Scanner" tab and choose "Snelle Scan".
      - Next, press "Scannen" to start the scan.
      - Scanning can take a while, so be patient.
      - When the scan is complete, click OK, then "Bekijk Resultaten" to see the results.
      - Make sure everything there is checked, then click "Verwijder geselecteerde".
      - After the removal a log will open. If you are asked to restart your computer, you must allow this.
        This is necessary to be able to remove some infections.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply together with a new HijackThis log.

    Regards,

    Roelof
  • I did what you said.
    This is the result.

    Malwarebytes' Anti-Malware 1.28
    Database versie: 1184
    Windows 5.1.2600 Service Pack 2

    21/09/2008 16:09:58
    mbam-log-2008-09-21 (16-09-58).txt

    Scan type: Snelle Scan
    Objecten gescand: 80671
    Verstreken tijd: 37 minute(s), 3 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 1
    Registersleutels geïnfecteerd: 6
    Registerwaarden geïnfecteerd: 3
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 2
    Bestanden geïnfecteerd: 8

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    L:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    L:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    L:\Documents and Settings\All Users\Application Data\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    L:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
    L:\Documents and Settings\Trikkie\Local Settings\Temp\GLK41.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
    L:\Program Files\SAV\sav.exe (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    L:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    L:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    L:\Documents and Settings\Trikkie\Local Settings\Temp\video232.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    L:\Documents and Settings\Trikkie\Bureaublad\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
    L:\Documents and Settings\Trikkie\Local Settings\Temp\video232.cfg (Trojan.FakeAlert) -> Delete on reboot.

    And this is the new HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:22:02, on 21/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    L:\WINDOWS\System32\smss.exe
    L:\WINDOWS\system32\winlogon.exe
    L:\WINDOWS\system32\services.exe
    L:\WINDOWS\system32\lsass.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\system32\svchost.exe
    L:\WINDOWS\System32\svchost.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\system32\spoolsv.exe
    L:\WINDOWS\Explorer.EXE
    L:\WINDOWS\system32\gsicon.exe
    L:\WINDOWS\system32\dslagent.exe
    L:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    L:\WINDOWS\system32\RunDll32.exe
    L:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    L:\Program Files\Real\RealPlayer\RealPlay.exe
    L:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    L:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    L:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    L:\WINDOWS\system32\hphmon05.exe
    L:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    L:\Program Files\McAfee.com\Agent\mcagent.exe
    L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    L:\PROGRA~1\McAfee\MHN\McENUI.exe
    L:\Program Files\iTunes\iTunesHelper.exe
    L:\WINDOWS\system32\ctfmon.exe
    L:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    L:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    L:\Program Files\Steam\Steam.exe
    L:\Program Files\GameSpy\Comrade\Comrade.exe
    L:\Program Files\TomTom HOME 2\HOMERunner.exe
    L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    L:\Program Files\Logitech\SetPoint\SetPoint.exe
    L:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
    L:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    L:\WINDOWS\system32\CTsvcCDA.EXE
    L:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    L:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    l:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    l:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    L:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    L:\Program Files\McAfee\MPF\MPFSrv.exe
    L:\Program Files\McAfee\MSK\MskSrver.exe
    L:\WINDOWS\system32\PnkBstrA.exe
    L:\WINDOWS\system32\svchost.exe
    L:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    L:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    L:\Program Files\iPod\bin\iPodService.exe
    L:\WINDOWS\system32\HPZipm12.exe
    L:\WINDOWS\System32\svchost.exe
    L:\WINDOWS\system32\wuauclt.exe
    L:\Program Files\Outlook Express\msimn.exe
    L:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    L:\Program Files\Messenger\msmsgs.exe
    L:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    L:\Program Files\MSN Messenger\msnmsgr.exe
    L:\Program Files\MSN Messenger\usnsvc.exe
    L:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Tools1_gekocht_gedownload\security\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - l:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - L:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - L:\Program Files\isoHunt\tbiso1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [HP Software Update] "L:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] L:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] L:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PCMService] "L:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] L:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] L:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "L:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] L:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] L:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE L:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE L:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [StartCCC] "L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [mcagent_exe] L:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] L:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "L:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] L:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [Creative Detector] L:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Steam] "L:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Comrade.exe] L:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "L:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = L:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Logitech SetPoint.lnk = L:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = L:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://L:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - L:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163863897156
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - l:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - L:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - L:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - L:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - L:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - L:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - L:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - l:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - l:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - L:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - L:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - L:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - L:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - L:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - L:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - L:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 10984 bytes

  • Of course I had to run a new scan after rebooting.
    This probably looks a lot better already.

    Malwarebytes' Anti-Malware 1.28
    Database versie: 1186
    Windows 5.1.2600 Service Pack 2

    21/09/2008 18:42:00
    mbam-log-2008-09-21 (18-42-00).txt

    Scan type: Snelle Scan
    Objecten gescand: 65646
    Verstreken tijd: 14 minute(s), 8 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
  • Roelof, thanks a lot already for your explanation.
    I had just forgotten to mention that. :-)
  • Hi Trikkie,

    It looks good again.
    How are your problems now?

    Roelof
  • No more pop-ups, at least.

    I also installed doctor Spyware, and it found some more lower-level threats.
    I have McAfee, so I don't really understand why it didn't detect anything.

    I do now have the impression that everything works again.
    I'll keep an eye on it.

    Thanks again for the explanation, because I thought I would have to reinstall the whole PC. Phew.

    So it's no unnecessary luxury to use the software that is mentioned in the answers here?

    Thanks!!!
  • Hi Trikkie,

    If you update MBAM once a week, you can also use it as a scanner.

    Roelof
