Vraag & Antwoord

Beveiliging & privacy

Virus?

11 antwoorden
  • Mijn ouders hebben een probleem: Internet explorer wordt zeer regelmatig automatisch doorgelinkt naar een wazige pagina, het is onmogelijk om de gevraagde pagina in beeld te krijgen. Ik heb de computer al diverse malen laten doorzoeken op virussen, adware, spyware, enz....maar er wordt niks gevonden. Raar is het bovendien dat startpagina.nl (welke ze ook als startpagina hadden ingesteld) geheel geblokkeerd wordt. Kan de server niet vinden....andere pagina's doen het echter weer zonder deze problemen.... Ik heb Mcafee suite 8.0 draaien, deze vindt niets. Ook c-cleaner, regclean e.d. lossen niets op..... Ze hebben winMCE, volledig uptodate...... Wie helpt, wie heeft een hint, ik loop vast.
  • Plaats even een hijackthis log (zie spyware faq).
  • Bij deze de logfile. Ik heb trouwens net ook IE7.0 incl. defender geinstalleerd, helaas blijft hetzelfde manco...... Ook start nu IE regelmatig op zonder adresbalk en alle andere menu's en icoontjes???? Logfile of HijackThis v1.99.1 Scan saved at 16:13:27, on 20-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Creative\VoiceCenter\AndreaVC.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\DOCUME~1\Marian\LOCALS~1\Temp\clclean.0001 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Marian\Mijn documenten\Internet Downloads\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NI.UERSM_9999_N91S2009] "c:\documents and settings\john\application data\errorsafedutchnewreleaseinstall[1].exe" -nag O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{1E114BF3-4349-4E85-8939-66875112B33D}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{D48419A9-CD8D-4C37-B50F-296D8489AB85}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158 O17 - HKLM\System\CS1\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158 O18 - Protocol: bw+0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {0580DDE7-959F-47E2-8349-47526658A7E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • ik kijk even
  • Hallo, Ze noemen dit een wareoutinfectie. (information related to '85.255.112.0 - 85.255.127.255' inetnum: 85.255.112.0 - 85.255.127.255 netname: inhoster descr: Inhoster hosting company descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine) Ok de fix, Ga naar configuratiescherm >> software en verwijder daar [b:9e2b9ab78b] Logitech\Desktop Messenger[/b:9e2b9ab78b] (die heeft de hik) Als je HITMANPRO gebruikt wil je die dan uninstallen aub, zet IIG de NOD32 even uit. Download de [color=blue:9e2b9ab78b][b:9e2b9ab78b]WareOutfix[/b:9e2b9ab78b][/color:9e2b9ab78b] van één van deze twee site's:[list:9e2b9ab78b][url=http://downloads.subratam.org/Fixwareout.exe][b:9e2b9ab78b]http://downloads.subratam.org/Fixwareout.exe[/b:9e2b9ab78b][/url] [url=http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe][b:9e2b9ab78b]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/b:9e2b9ab78b][/url][/list:u:9e2b9ab78b]Sla het op op je Bureaublad en laat het runnen. Klik dan op [b:9e2b9ab78b]Next[/b:9e2b9ab78b], dan op [b:9e2b9ab78b]Install[/b:9e2b9ab78b], wees zeker dat [color=blue:9e2b9ab78b][b:9e2b9ab78b]Run fixit[/b:9e2b9ab78b][/color:9e2b9ab78b] is aangevinkt en klik op [b:9e2b9ab78b]Finish[/b:9e2b9ab78b]. De fix zal beginnen; volg de instructies die je krijgt. Er zal gevraagd worden of je je pc wilt herstarten; doe dit ook. Je computer zal nu wat trager opstarten, [i:9e2b9ab78b]dit is normaal[/i:9e2b9ab78b]. Zodra je Bureaublad geladen is, zal een tekstbestand openen ([b:9e2b9ab78b]report.txt[/b:9e2b9ab78b]). Post dit samen met een nieuw HijackThis log. Start HJT opnieuw en doe een systemscan only vink onderstaande regels aan sluit alle vensters behalve HJT en klik op fix checked. [b:9e2b9ab78b]O4 - HKLM\..\Run: [NI.UERSM_9999_N91S2009] "c:\documents and settings\john\application data\errorsafedutchnewreleaseinstall[1].exe" –nag O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.115 85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158 O17 - HKLM\System\CCS\Services\Tcpip\..\{04673A60-4C18-4F00-82E7-3922DBE85EF9}: NameServer = 85.255.116.115,85.255.112.158[/b:9e2b9ab78b] Maak een nieuw HJT logje aub. J
  • Fixwareout Last edited 12/06/2006 Post this report in the forums please ... Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="csova.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dmuhg.exe"="C:\\WINDOWS\\system32\\dmuhg.exe" ... ... Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAEDABE767B3-417A-F5E4-4451-617BECF3{ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ghumd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm ... Random Runs removed from HKLM "dmuhg.exe"=- ... ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSFOV.EXE 51.772 2006-09-26 C:\WINDOWS\SYSTEM32\CSOVA.EXE 51.772 2006-09-26 C:\WINDOWS\SYSTEM32\DMFHD.EXE 60.503 2004-09-02 C:\WINDOWS\SYSTEM32\DMUHG.EXE 60.503 2004-09-02 Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. ... Postrun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" ... Logfile of HijackThis v1.99.1 Scan saved at 22:46:21, on 20-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Creative\VoiceCenter\AndreaVC.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\DOCUME~1\Marian\LOCALS~1\Temp\clclean.0001 C:\WINDOWS\vsnpstd2.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marian\Mijn documenten\Internet Downloads\Hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NI.UERSM_9999_N91S2009] "c:\documents and settings\john\application data\errorsafedutchnewreleaseinstall[1].exe" -nag O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  • Fixwareout Last edited 12/06/2006 Post this report in the forums please ... Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="csova.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dmuhg.exe"="C:\\WINDOWS\\system32\\dmuhg.exe" ... ... Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AAEDABE767B3-417A-F5E4-4451-617BECF3{ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ghumd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm ... Random Runs removed from HKLM "dmuhg.exe"=- ... ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSFOV.EXE 51.772 2006-09-26 C:\WINDOWS\SYSTEM32\CSOVA.EXE 51.772 2006-09-26 C:\WINDOWS\SYSTEM32\DMFHD.EXE 60.503 2004-09-02 C:\WINDOWS\SYSTEM32\DMUHG.EXE 60.503 2004-09-02 Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. ... Postrun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" ...
  • Zie hierboven de logfiles...... En het werkt! Alles doet het weer zoals het hoort..... Ook namens mijn ouders bedankt! Hoe krijg je trouwens zoiets binnen? Hun PC heb ik precies eender geconfigureerd als de mijne en ze doen er weinig bijzonders mee......raar dat zij vaak geinfecteerd worden en ik nagenoeg nooit.....
  • jij kijkt beter uit waar je op klikt dan je ouders jij weet meer van de gevaren op internet dan je ouders en dit is eigenlijk de zwakste schakel en ook de gevaarlijkste ze zullen ook wel het voorbeeldscherm in outlook (express) aan hebben, lekker makkelijk kan ik het bericht direct lezen. en de spammers weten gelijk dat dit email adres wordt gelezen
  • Start HJT opnieuw en doe een systemscan only vink onderstaande regel aan sluit alle vensters behalve HJT en klik op fix checked. [code:1:461cafacc0] O4 - HKLM\..\Run: [NI.UERSM_9999_N91S2009] "c:\documents and settings\john\application data\errorsafedutchnewreleaseinstall[1].exe" -nag [/code:1:461cafacc0] Verwijder via verkenner het dikgedrukte deel aub. c:\documents and settings\john\application data\[b:461cafacc0]errorsafedutchnewreleaseinstall[1].exe" –nag[/b:461cafacc0] Java nog updaten. Download [url=http://java.sun.com/javase/downloads/index.jsp][b:461cafacc0][color=blue:461cafacc0]Java Runtime Environment (JRE) 6.0[/color:461cafacc0][/b:461cafacc0][/url]. [list:461cafacc0][*:461cafacc0]Scroll omlaag naar : "[i:461cafacc0]The J2SE Runtime Environment (JRE) allows end-users to run Java applications[/i:461cafacc0]". [*:461cafacc0]Klik op de "[b:461cafacc0]Download[/b:461cafacc0]" knop aan de rechterkant. [*:461cafacc0]Vink aan: "[b:461cafacc0][i:461cafacc0]Accept[/b:461cafacc0] License Agreement[/i:461cafacc0]". [*:461cafacc0]De pagina zal herladen. [*:461cafacc0]Klik op de link om [i:461cafacc0]Windows [b:461cafacc0]Offline[/b:461cafacc0] Installation[/i:461cafacc0] te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad. [*:461cafacc0]Sluit alle programma's die eventueel open zijn - Zeker je web browser! [*:461cafacc0]Ga dan naar [b:461cafacc0]Start[/b:461cafacc0] > [b:461cafacc0]Configuratiescherm[/b:461cafacc0] > [b:461cafacc0]Software[/b:461cafacc0] en verwijder alle oudere versies van Java uit de Softwarelijst. [*:461cafacc0]Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam. [*:461cafacc0]Klik dan op [b:461cafacc0]Verwijderen[/b:461cafacc0] of op de [b:461cafacc0]Wijzig/Verwijder[/b:461cafacc0] knop. [*:461cafacc0]Herhaal dit tot alle oudere versies verdwenen zijn. [*:461cafacc0]Na het verwijderen van alle oudere versies, [b:461cafacc0]herstart[/b:461cafacc0] je pc. [*:461cafacc0]Dubbelklik vervolgens op [b:461cafacc0]jre-6-windows-i586.exe[/b:461cafacc0] op je Bureaublad om de nieuwste versie van Java te installeren.[/list:u:461cafacc0] Probleem moet haast wel over zijn . Juisterr
  • Ok, net de computer teruggebracht want zelfs 50+sers raken in de stress als ze een paar dagen zonder internet zitten..... Zal binnenkort nog even java updaten en dat andere programmatje weghalen. Nog twee kleine vragen: Hun email opent al geruime tijd geen HTML meer en ik kan niet vinden waar het aan ligt; de opties die ik heb kunnen vinden staan wel degelijk ingetstelt op HTML..... Hoe voorkom ik dat spam direct een voorbeeld opent onderin outlook express? Kan de optie om dat uit te schakelen niet vinden..... Alvast bedankt....

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.