HijackThis log regarding browser hijacking

17 answers
  • I've recently had a couple of problems. First, it keeps wanting to change the Internet Explorer start page. I also keep getting 2 icons on the desktop: apple ipod offer and something else about mobile phones. Does anyone know what this is? I'm posting my HijackThis log below. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:30, on 25-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    D:\Program Files\Mozilla Firefox 1.0.1\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Jaco\LOCALS~1\Temp\Rar$EX00.336\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spkkquxdstpqqddjkeolkyxs.us/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDoKCxhWbBTegiAIbYSW/nvJ.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOCUME~1\Jaco\BUREAU~1\ROLLER~1.EXE /r
    O4 - HKCU\..\Run: [RCT2_TT.exe] C:\DOCUME~1\Jaco\BUREAU~1\RCT2_T~1.EXE /r
    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOCUME~1\Jaco\BUREAU~1\MONSTE~1.EXE /r
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Jaco\APPLIC~1\KNOBRO~1\mail wma.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • One more thing. Ad-Aware, Spybot and Microsoft AntiSpyware found nothing. To me this looks like lop.
  • It is indeed lop. If you still have Messenger Plus installed, uninstall it. Open Notepad and copy and paste the following into it:

    [code:1:6137076fac]
    rem List the hidden .job files in the Tasks folder and open the result in Notepad
    dir %Windir%\tasks\*.job /a:h > files.txt
    notepad files.txt
    [/code:1:6137076fac]

    Save this as findjob.bat, choose "all files" under save as type, and put it on your desktop. Double-click findjob.bat and post the contents of the text file you get, together with a new HijackThis log.

    grtz, Beamerke
  • ok. I haven't had Messenger Plus since the first time I had lop. I got rid of it back then with Marc's help. This is what I got from findjob.bat:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes

    Map van C:\WINDOWS\system32
  • Open Notepad and copy and paste the following into it:

    [code:1:2086fbb72a]
    rem Switch to the system drive, then unhide and delete the two hidden job files
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A1A1A0CC91965490.job
    del A1A1A0CC91965490.job
    attrib -r -s -h A45EDFE491B958A8.job
    del A45EDFE491B958A8.job
    [/code:1:2086fbb72a]

    Save this as remjob.bat, choose "all files" under save as type, and put it on your desktop. Double-click remjob.bat. Reboot your PC, double-click findjob.bat and post the contents of the text here again, together with a HijackThis log (don't forget it this time).
  • ok. Here comes the stuff:

    hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:32:55, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocptezqqqsbicslpj.biz/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDomYjrH_fdZ9yAIbYSW/nvJ.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOCUME~1\Jaco\BUREAU~1\ROLLER~1.EXE /r
    O4 - HKCU\..\Run: [RCT2_TT.exe] C:\DOCUME~1\Jaco\BUREAU~1\RCT2_T~1.EXE /r
    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOCUME~1\Jaco\BUREAU~1\MONSTE~1.EXE /r
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Jaco\APPLIC~1\KNOBRO~1\mail wma.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    findjob:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks

    26-03-2005 10:00 256 A0D35FE39184DE03.job
    26-03-2005 10:00 256 AA2B563691E8D106.job
    2 bestand(en) 512 bytes
    0 map(pen) 1.028.255.744 bytes beschikbaar
  • Open Notepad and copy and paste the following into it:

    [code:1:99defcd9ae]
    rem Switch to the system drive, then unhide and delete the two hidden job files
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A0D35FE39184DE03.job
    del A0D35FE39184DE03.job
    attrib -r -s -h AA2B563691E8D106.job
    del AA2B563691E8D106.job
    [/code:1:99defcd9ae]

    Save this as remjob.bat, choose "all files" under save as type, and put it on your desktop. Double-click remjob.bat.

    Also switch off your TeaTimer and your SpySweeper for now and don't let them start together with Windows next time, because they can undo the changes you make to your system yourself. Read here how to disable TeaTimer: http://russelltexas.com/malware/teatimer.htm

    Open HijackThis and tick the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocptezqqqsbicslpj.biz/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDomYjrH_fdZ9yAIbYSW/nvJ.html
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe

    Close all windows except HijackThis, and click "fix checked".

    Make sure [url=http://users.pandora.be/marcvn/spyware/1117602.htm]all hidden files are shown[/url], then use Explorer to look for the following file and delete it:

    c:\windows\system32\bqquqi.exe <== this file

    Reboot your PC, double-click findjob.bat and post the contents of the text here again, together with a new HijackThis log.
  • Quick remark. I don't have (Webroot) SpySweeper. Or do you mean a different one? I'll carry out your instructions and you'll get the HijackThis log shortly. Regards and thanks from jaco
  • hey, indeed. I see in Spybot under System Startup that it is still being run. I thought I had removed it. I'll go and have a look right away.
  • There's nothing left in that folder at all. So SpySweeper can't run anymore. To be safe I'll also untick it under System Startup.
  • ok beamerke. Here are the logs.

    findjob:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks

    26-03-2005 13:00 256 A0D35FE39184DE03.job
    26-03-2005 13:00 256 AA2B563691E8D106.job
    2 bestand(en) 512 bytes
    0 map(pen) 1.028.534.272 bytes beschikbaar

    hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 13:21:15, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\Program Files\Mozilla Firefox 1.0.1\firefox.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • ok, we're making progress :wink: Open Notepad and copy and paste the following into it:

    [code:1:5119ee0c8d]
    rem Switch to the system drive, then unhide and delete the two hidden job files
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A0D35FE39184DE03.job
    del A0D35FE39184DE03.job
    attrib -r -s -h AA2B563691E8D106.job
    del AA2B563691E8D106.job
    [/code:1:5119ee0c8d]

    Save this as remjob.bat, choose "all files" under save as type, and put it on your desktop. Double-click remjob.bat. Reboot your PC, double-click findjob.bat and post the contents of the text here again.
  • ok

    Findjob.bat

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks

    looks good.
  • Does indeed look good :wink: Could you post a HijackThis log once more? It's just that I want to be really sure that everything is actually gone :wink:
  • hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:37:19, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    And thanks beamerke
  • ok, now I'm reassured too. Your log is clean!! :D :D :D Have fun again :D
  • ok beamerke. Thanks for everything.
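
Added example, not part of the original thread: the comparison done by eye across the posts above (is the fixed entry gone from the new HijackThis log, and are the hidden .job files gone from C:\WINDOWS\Tasks?), written in Python. The function names are hypothetical, the sample inputs are short excerpts of the logs posted above, and the "16 hex digits + .job" file-name pattern is an assumption drawn only from the four task names seen in this thread.

```python
import re

# A HijackThis entry starts with a section code such as R0, R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
# Assumption: the hidden task files look like the four names seen in this
# thread, i.e. exactly 16 hex digits followed by ".job".
HEX_JOB_RE = re.compile(r"\b[0-9A-F]{16}\.job\b", re.IGNORECASE)

# Excerpt of the scan saved at 15:19:30 on 25-3-2005 (first post).
SCAN_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"""

# Excerpt of the scan saved at 13:21:15 on 26-3-2005 (after "fix checked").
SCAN_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
"""

# findjob.bat output posted together with that 13:21:15 scan.
TASKS_AFTER_FIX = r"""
 Map van C:\WINDOWS\tasks
26-03-2005 13:00 256 A0D35FE39184DE03.job
26-03-2005 13:00 256 AA2B563691E8D106.job
 2 bestand(en) 512 bytes
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Windows paths are case-insensitive and the same entry shows up
            # as mcupdate.exe and McUpdate.exe in different scans above.
            entries.add((match.group("section"), match.group("body").lower()))
    return entries


def diff_scans(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def hex_named_jobs(dir_output):
    """Return the 16-hex-digit .job names in `dir` output, first-seen order."""
    names = []
    for name in HEX_JOB_RE.findall(dir_output):
        if name not in names:
            names.append(name)
    return names


def cleanup_report(before, after, dir_output, fixed):
    """Summarise a cleanup round; `fixed` holds substrings of the fixed entries."""
    removed, added = diff_scans(before, after)
    bodies = [body for _, body in parse_entries(after)]
    still_listed = [f for f in fixed if any(f.lower() in b for b in bodies)]
    jobs = hex_named_jobs(dir_output)
    return {
        "removed": removed,            # entries that disappeared from the log
        "added": added,                # entries that are new and need a look
        "still_listed": still_listed,  # fixed entries that came back
        "hidden_jobs": jobs,           # task files that can reinstall them
        "clean": not still_listed and not jobs,
    }


if __name__ == "__main__":
    report = cleanup_report(SCAN_BEFORE, SCAN_AFTER, TASKS_AFTER_FIX, ["bqquqi"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

On these excerpts the Run entry is gone from the HijackThis log while the two task files are still present, which is why the round is reported as not clean until the Tasks listing is empty as well.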
