
Trojan Q.hosts


Deleted user

Topic starter
Every day when I start my computer I have to activate Norton AutoProtect again.
After activation it always finds Trojan Q.hosts and then deletes it.

I have configured AutoProtect to start immediately; I have never had this problem before and I have been running Norton for years.

It has only been happening since the last installation of my computer.

What do you think?

Reinstall Norton?

pasta

Meh, maybe it is easier after all to check whether there is a suspicious process running that Norton doesn't recognise but that makes the trojan come back every time. :) Have a look with HijackThis to see whether you come across any suspicious processes. If you can't figure it out yourself, post the log here (between [code] tags) and, if you like, indicate which entries you already found suspicious. :)


Deleted user

Topic starter
http://www.weballey.nl/spyware/hijackthis.html

I know HijackThis and have run it several times before, but now it closes immediately after/during the scan, so I can't do anything. I have already tried all the tips on the site above.

magnifor
After a Google session I was able to find this:
Hi

You have the Q-HOSTS trojan ....

Look at the O1 entries ... each url you see there is being blocked...

http://securityresponse.s...c/data/trojan.qhosts.html

Install the Patch....
http://www.microsoft.com/...ity/bulletin/MS03-040.asp

Run this Removal tool....
http://securityresponse.s....qhosts.removal.tool.html
It might be useful to read through the whole thread:

http://www.help2go.com/po...removal&hl=nl%20target=nw
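
The hosts-file check that the quoted advice about O1 entries comes down to, as an added example that is not part of the original posts: it reads either raw hosts-file text or HijackThis `O1 - Hosts:` lines and reports every name that is blocked (mapped to loopback or 0.0.0.0) or redirected to another address. The watch list of vendor domains and the sample input are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Hypothetical watch list: sites a cleanup needs to reach (AV updates, patches).
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "microsoft.com", "windowsupdate.com")
# Names that legitimately point at loopback in a default hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}
# HijackThis prefixes each hosts-file entry it reports with "O1 - Hosts:".
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: malformed line, skip it
        for name in fields[1:]:  # one address may carry several aliases
            yield ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return (kind, hostname, ip) for every entry that deserves a look."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if ip.is_loopback or ip.is_unspecified:
            kind = "blocked-security-site" if watched else "blocked"
        else:
            kind = "redirected-security-site" if watched else "redirected"
        findings.append((kind, name, str(ip)))
    return findings


# Constructed sample, not taken from the infected machine in this thread.
SAMPLE = """\
# hosts file as it might look after tampering
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.com   # update server blocked
0.0.0.0         download.mcafee.com
203.0.113.10    www.microsoft.com windowsupdate.microsoft.com
O1 - Hosts: 203.0.113.10 search.example.net
not-an-ip       garbage line
"""

if __name__ == "__main__":
    for kind, name, ip in audit_hosts(SAMPLE):
        print(f"{kind:26} {name:32} -> {ip}")
```

A clean report only says the hosts file is clean at that moment; if the entries come back after a reboot, as in this thread, the process that rewrites the file is still active.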

Deleted user

There are thousands of pieces of malware that drop a modified hosts file.
Ranging from open-source bots to Trojan-Downloaders and adware.

So with the current information there is not much sensible to say about the point of entry and how to patch it, if at all.

It is clear that malware is active that disables NAV and puts qhost back every time, so a bot is likely.

Try scanning with an AV that is better at backdoor detection. :)

Deleted user

Topic starter
It is indeed some kind of spyware.

HijackThis somehow won't work, not even after installing various patches.

With Spyware Doctor it finds 285 infections, but you need the serial number to be able to delete them. I haven't been able to find it yet, so I'll just buy the program :)

I'll paste the log of the scan here (and go on digging for a solution).

Scan Results:
scan start: 10-2-2005 22:57:33
scan stop: 10-2-2005 23:13:21
scanned items: 157905
found items: 286
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner



[ 1% edited by pasta on 11-02-2005 01:55 ]


Deleted user

Topic starter
I have since bought the program and run a scan; it found many infections, but it hasn't helped yet :( Every time my computer has restarted I still get that virus again and I have to activate Norton AutoProtect manually.

pasta

As Deleted user also already said in "Trojan Q.hosts", try scanning with a different AV. Maybe it will find things that NAV didn't. :)


Deleted user

Topic starter
Good idea, I'll do that.

I have made progress on one thing: HijackThis no longer acts up.

I'll paste the log here.

I think lsass.exe is already a virus (Sasser worm),


Logfile of HijackThis v1.99.0
Scan saved at 16:15:34, on 14-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\csmrs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
D:\downloads\software\applicaties\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amotion.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MsgApi] C:\WINDOWS\System32\csmrs.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.m...eb_site.cab?1101972278077
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/...sengersetupdownloader.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod-service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Strikie

Try throwing your log in here: http://www.hijackthis.de/

::: All Terrain Boys ::: Cube LTD race


Sassie
I think these 2 entries are the culprits:
C:\WINDOWS\System32\csmrs.exe
O4 - HKLM\..\Run: [MsgApi] C:\WINDOWS\System32\csmrs.exe

Run that csmrs.exe through Jotti's virus scan if you can find it (if necessary, make hidden files visible again).

By the way, lsass.exe is normally a Windows process: http://www.liutilities.co...pro/processlibrary/lsass/
If you still think it is a worm in your case, have Jotti's virus scan test it.

pasta

code:
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
These don't seem 100% trustworthy to me either. Run them through Jotti's online malware scan too :)
edit:
According to Google, that csmrs.exe is a variant of Dedler. :)

[ 12% edited by pasta on 14-02-2005 17:06 ]


magnifor
Deleted user wrote on Monday 14 February 2005 @ 16:22:

I think lsass.exe is already a virus (Sasser worm),
Isass.exe is not a virus:

http://www.liutilities.co...pro/processlibrary/lsass/

It can, however, be used by viruses. :)

Deleted user

Topic starter
Oh OK, so that's how it is!
It has since been resolved.
I bought different antivirus software and a personal firewall from McAfee; it finds more.

Deleted user

Topic starter
Btw, McAfee found csmrs.exe right away, so that one is gone too.