Help: virus that sends spam

5 answers
  • Hello, according to KPN we sent this spam. We suspect that this is caused by a virus/trojan.

        Return-path: <Scott@jcdsarl.com>
        Envelope-to: s01520@atlantictrader.net
        Delivery-date: Mon, 05 Feb 2007 13:50:47 -0500
        Received: from [xx.xx.x.xxx] (helo=ip565a0880.direct-adsl.nl)
            by server.webcs.biz with smtp (Exim 4.63)
            (envelope-from <Scott@jcdsarl.com>)
            id 1HE8vO-0007Vj-QS
            for s01520@atlantictrader.net; Mon, 05 Feb 2007 13:50:47 -0500
        Message-ID: <335d01c74956$2bc79220$80085a56@ip565a0880.direct-adsl.nl>
        From: "Gabor Biro" <Scott@jcdsarl.com>
        To: "Peter Sipka" <s01520@atlantictrader.net>
        Subject: WWII Vet, 84, Claims $254M Lottery Prize
        Date: Mon, 05 Feb 2007 18:47:38 +0000
        MIME-Version: 1.0
        Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original
        Content-Transfer-Encoding: 7bit
        X-Priority: 3
        X-MSMail-Priority: Normal
        X-Mailer: Microsoft Outlook Express 6.00.2800.1437
        X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1437

        Hello,
        Now you can order Original Viagra directly from Pfizer.
        Here: http://www.msmappraisalandrealty.info
        All prices are tax/vat free and free same-day worldwide shipping also included.
        --
        nirmnknmnhnpnoupsprnsgsusgqjpnpgqmqlpjphphqptmpjptqn

    I removed the IP address as a precaution. Please help us.
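
The quoted headers already show how a message like this gets tied to a subscriber line. The following is an added example, not part of the original thread: it parses the Exim-style Received line from the post and compares the HELO name with the claimed sender and the Message-ID. The function and field names are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the post above; the poster had already masked the IP.
RAW = """Return-path: <Scott@jcdsarl.com>
Envelope-to: s01520@atlantictrader.net
Received: from [xx.xx.x.xxx] (helo=ip565a0880.direct-adsl.nl)
 by server.webcs.biz with smtp (Exim 4.63)
 (envelope-from <Scott@jcdsarl.com>)
 id 1HE8vO-0007Vj-QS
 for s01520@atlantictrader.net; Mon, 05 Feb 2007 13:50:47 -0500
Message-ID: <335d01c74956$2bc79220$80085a56@ip565a0880.direct-adsl.nl>
From: "Gabor Biro" <Scott@jcdsarl.com>
Subject: WWII Vet, 84, Claims $254M Lottery Prize

(body omitted)
"""

# Exim-style hop as it appears above: from <peer> (helo=<name>) by <server> ...
HOP = re.compile(r"from\s+(?P<peer>\S+)\s+\(helo=(?P<helo>[^)]+)\)\s+by\s+(?P<by>\S+)")


def domain_of(addr_header):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def trace_first_hop(raw):
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    if not hops:
        return None
    # The top-most Received line is added by the receiving server,
    # not by the machine that submitted the message.
    m = HOP.search(" ".join(hops[0].split()))  # unfold continuation lines
    if not m:
        return None
    helo = m["helo"].lower()
    sender = domain_of(msg["Return-path"])
    msgid_host = (msg["Message-ID"] or "").strip("<> ").rpartition("@")[2].lower()
    return {
        "peer": m["peer"], "helo": helo, "received_by": m["by"],
        "claimed_sender_domain": sender,
        # Sender domain unrelated to the connecting host: the From is forged.
        "sender_matches_helo": helo == sender or helo.endswith("." + sender),
        # Message-ID stamped with the connecting host's own name.
        "msgid_made_on_peer": msgid_host == helo,
    }
```

For the headers above, the sender domain does not match the connecting host while the Message-ID does, which is consistent with the message being generated on the ADSL-connected machine itself.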
  • May I have a HijackThis log, please. Download hijackthissetup (http://www.isecurity.org.uk/downloads/hijackthissetup.exe) to your Desktop.
      - Double-click hijackthissetup.exe
      - Follow the instructions and click Install
      - A shortcut named Hijack This will appear on your Desktop
      - Double-click the shortcut to start HijackThis.
  • HijackThis log of my computer; I don't know whether the virus/trojan in question is on it.

        Logfile of HijackThis v1.99.1
        Scan saved at 23:35:24, on 9-2-2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\program files\common files\mcafee\mna\mcnasvc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\PROGRA~1\McAfee\MPS\mps.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\Program Files\SiteAdvisor\6021\SAService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\mcafee.com\agent\mcagent.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\WINDOWS\system32\BtUsrBdg.exe
        C:\WINDOWS\system32\BTSetBootKey.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
        C:\Program Files\McAfee\MSK\MskAgent.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
        C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
        C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
        C:\Program Files\Azureus\Azureus.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\McAfee\MPS\mpsevh.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ping.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Hijack This\hijackthis.exe

        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
        O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
        O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
        O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
        O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
        O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
        O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
        O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
        O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
        O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
        O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
        O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
  • Download and install CCleaner (http://www.ccleaner.com/ccdownload.asp) (the CCleaner Yahoo Toolbar is not needed). Do not use it yet.

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Start CCleaner. CCleaner lets you configure what should be cleaned. Now select only the following items:

    Internet Explorer:
      - Temporary Internet files
    System:
      - Empty Recycle Bin
      - Temporary files

    Now click Clean ("opschonen", bottom right) in CCleaner.

    Restart and then try carrying out the steps below.

    Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your Desktop:
      - Double-click drweb-cureit.exe. Click Update.
      - After the update a new icon, "CureIt.exe", appears on your desktop. Double-click it and click Scan; allow it to start the express scan.
      - This will scan the files currently loaded in memory. When something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
      - Once the short scan has finished, you can select the drives you want to scan.
      - Select all drives here. A red dot will then appear on the drives you are scanning.
      - Then click the green arrow on the right to start the scan.
      - Click Yes to all when you are asked to cure or move.
      - When the scan has finished, check whether you can click the icon next to the files found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
      - If so, click it, then click the icon just below it and select Move incurable as shown here: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif) This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" (quarantine folder) if repair is not possible.
      - After the scan is done, click File in the menu at the top and choose Save report List. Save it to your Desktop.
      - Then close Dr.Web CureIt.
      - Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
      - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Ignore popups about Buy or 50% discount. Also post a new HJT log.
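
Reading a HijackThis log by eye, as in the answer above, can be supported by a first-pass filter. The following is an added example, not part of the original thread and not HijackThis's own logic: it flags entries whose target file is absent and Run entries given without a path. Both heuristics and all names are assumptions; they surface candidates for review and are not the criteria the helper used.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def run_target(cmd):
    """Executable part of a Run command line (quoted string or first token)."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def triage(log_text):
    """Return (section, reason, line) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        if rest.endswith(("(no file)", "(file missing)")):
            # The registration survives but the file it points to is gone.
            findings.append((section, "orphaned", line))
        elif section == "O4" and (run := RUN.match(rest)):
            # No directory given: Windows resolves the name via its search
            # path, so the log alone does not say which file actually starts.
            if "\\" not in run_target(run["cmd"]):
                findings.append((section, "no-path", line))
    return findings
```

On the sample it also flags the RTHDCPL entry, which the answer above left alone, so the output is a review list rather than a removal list.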
  • mps.exe c:\program files\mcafee\mps Probably BACKDOOR.Trojan Incurable.Will be moved after reboot.
    mcupdmgr.exe c:\program files\mcafee\msc Probably DLOADER.Trojan Incurable.Moved.
    0292491171099120mcinst.exe c:\windows\temp Probably BACKDOOR.Trojan Incurable.Moved.
    Patch.EXE C:\Downloads\Software_DVD_2007\Software DVD 2007\Software\ImageExtract\UltimateZip 2007 v3.1\Patch Tool.DVTPatch Incurable.Moved.
    Patch.EXE C:\Downloads\Software_DVD_2007\Software DVD 2007\Software\PC Cleaners\Advanced Tracks Cleaner v1.9\Patch Tool.DVTPatch Incurable.Moved.
    mcinst.exe C:\Program Files\Common Files\McAfee\Installer Probably BACKDOOR.Trojan Incurable.Moved.
    mps.exe C:\Program Files\McAfee\MPS Probably BACKDOOR.Trojan Incurable.Will be moved after reboot.
    mcupdmgr.exe C:\Program Files\McAfee\MSC Probably DLOADER.Trojan
    A0023728.exe C:\System Volume Information\_restore{6A43522F-758F-44F0-8531-EB79069D36A2}\RP102 Probably BACKDOOR.Trojan Incurable.Moved.
    A0023979.exe C:\System Volume Information\_restore{6A43522F-758F-44F0-8531-EB79069D36A2}\RP103 Probably BACKDOOR.Trojan Incurable.Moved.
    A0024076.exe C:\System Volume Information\_restore{6A43522F-758F-44F0-8531-EB79069D36A2}\RP103 Probably BACKDOOR.Trojan Incurable.Moved.
    A0024768.exe C:\System Volume Information\_restore{6A43522F-758F-44F0-8531-EB79069D36A2}\RP104 Probably BACKDOOR.Trojan Incurable.Moved.
    A0024815.exe C:\System Volume Information\_restore{6A43522F-758F-44F0-8531-EB79069D36A2}\RP105 Probably BACKDOOR.Trojan Incurable.Moved.
    0292491171099120mcinst.exe C:\WINDOWS\Temp Probably BACKDOOR.Trojan
    0301041170999038mcinst.exe C:\WINDOWS\Temp Probably BACKDOOR.Trojan Incurable.Moved.

This is an archived page. Replies are no longer possible.