hijack this

30 replies
  • I have tried it with many scanners: Ad-Aware, Spybot, Microsoft's spyware scanner, and McAfee's spyware scanner. Lop keeps coming back, however. (I also have those newuninstall and toolbar uninstall files.) Nothing works, though. SpywareBlaster doesn't keep it out either. At my wits' end, I'm posting a HijackThis log. Would one of you be so kind as to check it? Thanks in advance.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:43:29, on 13-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • Download [url=http://users.telenet.be/marcvn/tools/vindjob.zip]this[/url] file. Unzip it. Click vindjob.bat. A Notepad file opens. Copy and paste the contents of that file into your next post.
  • Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    15-01-2005 09:04 <DIR> .
    15-01-2005 09:04 <DIR> ..
    15-01-2005 09:00 256 A1A1A0CC91965490.job
    15-01-2005 09:00 256 A2990C5C91BA80A0.job
    15-01-2005 09:00 256 A40218AD91559329.job
    15-01-2005 09:00 256 A424739E91B7E6EA.job
    15-01-2005 09:00 256 A426230A91A9DC96.job
    15-01-2005 09:00 256 A44F1DF09184987C.job
    15-01-2005 09:00 256 A51FF3E1900067F9.job
    15-01-2005 09:00 260 A7A4D34791AF4CA3.job
    15-01-2005 09:00 256 A8110BAE910E830A.job
    15-01-2005 09:00 256 A87241C49185F88C.job
    15-01-2005 09:00 256 A8884C97908BC377.job
    15-01-2005 09:00 256 A892295591E1A4C9.job
    15-01-2005 09:00 260 A8E15D0591E2CDC5.job
    15-01-2005 09:00 250 A91A26489181DE24.job
    15-01-2005 09:00 256 A9600EE691D78A8A.job
    15-01-2005 09:00 260 A9C8C07991877761.job
    15-01-2005 09:00 260 AA62B8F69089334A.job
    15-01-2005 09:00 256 AA674ED490B0C0AC.job
    15-01-2005 09:00 260 AABFCFF991AC4491.job
    15-01-2005 09:00 260 AB6BCBA7915042F7.job
    15-01-2005 09:00 260 AB964CAB91DDC2BB.job
    15-01-2005 09:00 256 ABDBFFAC91B07DB4.job
    15-01-2005 09:00 256 ABEBF87D90386D95.job
    15-01-2005 09:00 256 AC92E44890C99604.job
    15-01-2005 09:00 256 AC9DEA19919E9C95.job
    15-01-2005 09:00 256 ACAE77AE91FDF43E.job
    15-01-2005 09:00 260 AE1EDA0E91854AFA.job
    15-01-2005 09:00 260 AE4EEE8491859F00.job
    15-01-2005 09:00 256 AE62EBD791ED611B.job
    15-01-2005 09:00 256 AE7CDB5E918B4C16.job
    15-01-2005 09:00 260 AED2F17591856195.job
    15-01-2005 09:00 260 AFC1E74E91269CAA.job
    15-01-2005 09:00 260 B057CAC7903C7B93.job
    15-01-2005 09:00 260 B1A5CF9690C246BA.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 09:04 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:03 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 09:05 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 09:04 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    45 bestand(en) 13.013 bytes

    Map van C:\WINDOWS\system32
  • Jacie, copy the code below into a Notepad file. Save it as deljob.bat. Make sure that under "Save as type" the following is selected: All Files (*.*).
    [code:1:de24a89963]
    rem Switch to the system drive and go to the scheduled tasks folder
    %systemdrive%
    cd C:\WINDOWS\Tasks
    rem Clear the read-only, system and hidden attributes so that del can see the files
    attrib -r -s -h A1A1A0CC91965490.job
    attrib -r -s -h A2990C5C91BA80A0.job
    attrib -r -s -h A40218AD91559329.job
    attrib -r -s -h A424739E91B7E6EA.job
    attrib -r -s -h A426230A91A9DC96.job
    attrib -r -s -h A44F1DF09184987C.job
    attrib -r -s -h A51FF3E1900067F9.job
    attrib -r -s -h A7A4D34791AF4CA3.job
    attrib -r -s -h A8110BAE910E830A.job
    attrib -r -s -h A87241C49185F88C.job
    attrib -r -s -h A8884C97908BC377.job
    attrib -r -s -h A892295591E1A4C9.job
    attrib -r -s -h A8E15D0591E2CDC5.job
    attrib -r -s -h A91A26489181DE24.job
    attrib -r -s -h A9600EE691D78A8A.job
    attrib -r -s -h A9C8C07991877761.job
    attrib -r -s -h AA62B8F69089334A.job
    attrib -r -s -h AA674ED490B0C0AC.job
    attrib -r -s -h AABFCFF991AC4491.job
    attrib -r -s -h AB6BCBA7915042F7.job
    attrib -r -s -h AB964CAB91DDC2BB.job
    attrib -r -s -h ABDBFFAC91B07DB4.job
    attrib -r -s -h ABEBF87D90386D95.job
    attrib -r -s -h AC92E44890C99604.job
    attrib -r -s -h AC9DEA19919E9C95.job
    attrib -r -s -h ACAE77AE91FDF43E.job
    attrib -r -s -h AE1EDA0E91854AFA.job
    attrib -r -s -h AE4EEE8491859F00.job
    attrib -r -s -h AE62EBD791ED611B.job
    attrib -r -s -h AE7CDB5E918B4C16.job
    attrib -r -s -h AED2F17591856195.job
    attrib -r -s -h AFC1E74E91269CAA.job
    attrib -r -s -h B057CAC7903C7B93.job
    attrib -r -s -h B1A5CF9690C246BA.job
    rem Delete the randomly named job files
    del A1A1A0CC91965490.job
    del A2990C5C91BA80A0.job
    del A40218AD91559329.job
    del A424739E91B7E6EA.job
    del A426230A91A9DC96.job
    del A44F1DF09184987C.job
    del A51FF3E1900067F9.job
    del A7A4D34791AF4CA3.job
    del A8110BAE910E830A.job
    del A87241C49185F88C.job
    del A8884C97908BC377.job
    del A892295591E1A4C9.job
    del A8E15D0591E2CDC5.job
    del A91A26489181DE24.job
    del A9600EE691D78A8A.job
    del A9C8C07991877761.job
    del AA62B8F69089334A.job
    del AA674ED490B0C0AC.job
    del AABFCFF991AC4491.job
    del AB6BCBA7915042F7.job
    del AB964CAB91DDC2BB.job
    del ABDBFFAC91B07DB4.job
    del ABEBF87D90386D95.job
    del AC92E44890C99604.job
    del AC9DEA19919E9C95.job
    del ACAE77AE91FDF43E.job
    del AE1EDA0E91854AFA.job
    del AE4EEE8491859F00.job
    del AE62EBD791ED611B.job
    del AE7CDB5E918B4C16.job
    del AED2F17591856195.job
    del AFC1E74E91269CAA.job
    del B057CAC7903C7B93.job
    del B1A5CF9690C246BA.job
    [/code:1:de24a89963]
    Restart the computer. Create a new HijackThis log and post it. Also create a new log with vindjob.bat. Post that too. Good luck. Marc
  • Logfile of HijackThis v1.99.0
    Scan saved at 11:19:02, on 15-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    and now vindjob

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes

    Map van C:\WINDOWS\system32
  • Same story for:
    [code:1:60aa66ba14]
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A1A1A0CC91965490.job
    attrib -r -s -h A45EDFE491B958A8.job
    del A1A1A0CC91965490.job
    del A45EDFE491B958A8.job
    [/code:1:60aa66ba14]
    Save as deljob.bat. Run the bat. Reboot the computer. Afterwards, two new logs again. Do you fix items in the HijackThis log yourself?
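Added example, not part of the original thread: a Python sketch that parses the Dutch-locale `dir` listings pasted from vindjob.bat, flags the randomly named `.job` files, and compares a listing taken before a cleanup with one taken after it. The function names and the rule "16 hex digits plus `.job` means suspect" are assumptions drawn from the names visible in the listings; the sample rows are excerpts of the two listings posted above.

```python
import re

# One file row of a Dutch-locale `dir` listing: date, time, size, name.
# <DIR> rows and the header/summary lines do not match and are skipped.
ROW = re.compile(r"^(\d{2}-\d{2}-\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+)$")

# Assumption taken from the listings in this thread: the unwanted tasks are
# named with exactly 16 hexadecimal digits followed by ".job".
RANDOM_JOB = re.compile(r"^[0-9A-Fa-f]{16}\.job$")

# Excerpt of the listing posted before the first deljob.bat run.
BEFORE = r"""
Map van c:\windows\tasks
15-01-2005 09:04 <DIR> .
15-01-2005 09:00 256 A1A1A0CC91965490.job
15-01-2005 09:00 256 A2990C5C91BA80A0.job
15-01-2005 09:00 260 A7A4D34791AF4CA3.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 484 WebReg 20041007234018.job
"""

# Excerpt of the listing posted after the reboot.
AFTER = r"""
Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 484 WebReg 20041007234018.job
"""


def parse_listing(text):
    """Map file name -> (date, time, size_in_bytes) for every file row."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            date, time, size, name = m.groups()
            # Sizes use '.' as thousands separator in this locale (13.013).
            files[name] = (date, time, int(size.replace(".", "")))
    return files


def suspect_jobs(files):
    """Names that fit the random 16-hex-digit pattern, sorted."""
    return sorted(n for n in files if RANDOM_JOB.match(n))


def compare(before, after):
    """Classify suspect jobs across two snapshots taken around a cleanup."""
    old, new = set(suspect_jobs(before)), set(suspect_jobs(after))
    both = old & new
    return {
        "removed": sorted(old - new),
        # Same name but a different timestamp: written again after cleanup.
        "rewritten": sorted(n for n in both if before[n][:2] != after[n][:2]),
        "unchanged": sorted(n for n in both if before[n][:2] == after[n][:2]),
        "new": sorted(new - old),
    }


def cleanup_commands(names):
    """One attrib/del pair per file, so no hidden file is skipped by del."""
    lines = []
    for n in names:
        lines.append(f'attrib -r -s -h "{n}"')
        lines.append(f'del "{n}"')
    return lines


if __name__ == "__main__":
    result = compare(parse_listing(BEFORE), parse_listing(AFTER))
    for label, names in result.items():
        print(f"{label}: {names}")
    print("\n".join(cleanup_commands(result["rewritten"] + result["new"])))
```

A non-empty `rewritten` or `new` list means something on the machine is still creating these tasks, so deleting the files alone will not hold.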
  • No, I don't fix any logs. But when it comes back again I use the newuninstall and the toolbaruninstall. I have the impression, though, that something is always left behind, because it keeps coming back. Regards, Jaco (I'll run that deljob again in a moment)
  • with vindjob:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    15-01-2005 12:21 <DIR> .
    15-01-2005 12:21 <DIR> ..
    15-01-2005 12:02 256 AE1CD500912B4618.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 12:21 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 12:20 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 12:18 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 12:20 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    12 bestand(en) 4.519 bytes

    Map van C:\Documents and Settings\J. Hollebrandse\Bureaublad

    with HijackThis:

    Logfile of HijackThis v1.99.0
    Scan saved at 12:23:51, on 15-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • [code:1:c3c877c9dc]
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h AE1CD500912B4618.job
    del AE1CD500912B4618.job
    [/code:1:c3c877c9dc]
    Save as deljob.bat and run it. Afterwards, please post a new HijackThis log and a new log from vindjob.bat. For now, don't use those uninstallers unless I tell you to. Just do what I ask.
  • HijackThis:

    Logfile of HijackThis v1.99.0
    Scan saved at 18:21:30, on 17-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    vindjob:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    17-01-2005 18:19 <DIR> .
    17-01-2005 18:19 <DIR> ..
    17-01-2005 16:08 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    17-01-2005 18:16 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    17-01-2005 15:29 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    17-01-2005 18:20 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    17-01-2005 16:01 6 SA.DAT
    17-01-2005 16:02 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    17-01-2005 18:19 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    11 bestand(en) 4.263 bytes

    Map van C:\Documents and Settings\J. Hollebrandse\Bureaublad
  • You can fix this one:
    [b]O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe[/b]
    The problems seem solved to me?
  • Hey Mark, I have the impression that the administrator account is clean now. However, there is another account where I still find Lop. Should I now scan from the administrator account or from the infected account? PS: sorry for replying so late.
  • From the infected account.
  • OK Marc, I have scanned with HijackThis and vindjob.bat. First vindjob.bat:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA
    Map van c:\windows\tasks
    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes
    Map van C:\WINDOWS\system32

    And now HijackThis:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:58:28, on 19-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    c:\progra~1\intern~1\iexplore.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Documents and Settings\Annet\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zsmrburigldgtvmldetfyv.com/EsmWrh7YNTreTY2bFnZ8KohsIRKY2IWUjiy6RuIq8ZY7J9NwsLgWs6gnFNxNixHn.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1\mail wma.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Hey, thanks a lot already for cleaning the administrator account.
  • Deljob.bat becomes this:
    [code]
    rem Switch to the system drive and the scheduled-tasks folder
    %systemdrive%
    cd C:\WINDOWS\Tasks
    rem Clear the read-only, system and hidden attributes, then delete both jobs
    attrib -r -s -h A1A1A0CC91965490.job
    attrib -r -s -h A45EDFE491B958A8.job
    del A1A1A0CC91965490.job
    del A45EDFE491B958A8.job
    [/code]
    Fix these with HijackThis:
    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zsmrburigldgtvmldetfyv.com/EsmWrh7YNTreTY2bFnZ8KohsIRKY2IWUjiy6RuIq8ZY7J9NwsLgWs6gnFNxNixHn.html
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1\mail wma.exe[/b]
    Delete this folder: C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1
    Reboot and make new logs. Post them.
    Regards,
  • HijackThis:

    Logfile of HijackThis v1.99.0
    Scan saved at 21:10:43, on 19-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Annet\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    vindjob:
    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA
    Map van c:\windows\tasks
    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes
    Map van C:\WINDOWS\system32
  • I think you are not posting the right log from vindjob.bat... By the way, it surprises me that those random.job files are in there again. Please check if you would.
  • I think you are right. I just scanned again and here is the result:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA
    Map van c:\windows\tasks
    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes
    Map van C:\WINDOWS\system32
  • On 17-01 I see a log of yours in which these 2 are missing.
    [code]
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    [/code]
    It seems unlikely to me that these files suddenly come back with the date 15-01... This is still the wrong log, I think.
  • Sorry Marc, but I just made another new one and it is exactly the same:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA
    Map van c:\windows\tasks
    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes
    Map van C:\WINDOWS\system32
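
The comparison made in the reply about the 17-01 log can be automated. The following is an added example, not part of the thread: it parses two Dutch-locale `dir` listings (abridged from the ones posted above), checks whether the folder's own timestamp (the "." entry) moved backwards, and lists entries that appear only in the later-posted listing. The function names are assumptions made for this example.

```python
import re
from datetime import datetime

# Abridged from the two vindjob listings posted in the thread.
LISTING_17_JAN = """\
 Map van c:\\windows\\tasks
17-01-2005  18:19    <DIR>          .
17-01-2005  18:19    <DIR>          ..
07-09-2001  13:00                65 desktop.ini
17-01-2005  16:01                 6 SA.DAT
26-11-2004  23:40               484 WebReg 20041007234018.job
"""
LISTING_POSTED_19_JAN = """\
 Map van c:\\windows\\tasks
15-01-2005  11:18    <DIR>          .
15-01-2005  11:18    <DIR>          ..
15-01-2005  11:00               256 A1A1A0CC91965490.job
15-01-2005  11:00               256 A45EDFE491B958A8.job
07-09-2001  13:00                65 desktop.ini
15-01-2005  08:58                 6 SA.DAT
26-11-2004  23:40               484 WebReg 20041007234018.job
"""

# date, time, <DIR> or size (Dutch locale uses "." as thousands separator), name
ENTRY = re.compile(r"^(\d{2}-\d{2}-\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$")


def parse_listing(text):
    """Return {name: (mtime, size_or_None)} for each entry line of a dir listing."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, summary or blank line
        date, time, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {time}", "%d-%m-%Y %H:%M")
        entries[name] = (mtime, None if size == "<DIR>" else int(size.replace(".", "")))
    return entries


def compare(earlier, later):
    """Compare a listing known to be earlier with one claimed to be newer."""
    old, new = parse_listing(earlier), parse_listing(later)
    # The "." entry carries the folder's own modification time; if it is older
    # in the "newer" listing, that listing was most likely produced earlier.
    stale = new["."][0] < old["."][0]
    added = sorted(n for n in new if n not in old)
    # Entries that show up only in the later listing but are dated before the
    # earlier snapshot: consistent with an old output file being re-posted.
    predates = [n for n in added if new[n][0] < old["."][0]]
    return {"stale": stale, "added": added, "predates_earlier_snapshot": predates}


if __name__ == "__main__":
    print(compare(LISTING_17_JAN, LISTING_POSTED_19_JAN))
```
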


This is an archived page. Replying is no longer possible.