Question & Answer
hijack this
30 replies
- I have tried many scanners: Ad-Aware, Spybot, Microsoft's spyware scanner, and McAfee's spyware scanner.
Lop keeps coming back, though. (I also have the newuninstall and toolbar uninstall files.) Nothing works, however. SpywareBlaster doesn't keep it out either. At my wits' end, I am posting a HijackThis log.
Would one of you be so kind as to check it?
Thanks in advance.
Logfile of HijackThis v1.99.0
Scan saved at 21:43:29, on 13-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
- Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 09:04 <DIR> .
15-01-2005 09:04 <DIR> ..
15-01-2005 09:00 256 A1A1A0CC91965490.job
15-01-2005 09:00 256 A2990C5C91BA80A0.job
15-01-2005 09:00 256 A40218AD91559329.job
15-01-2005 09:00 256 A424739E91B7E6EA.job
15-01-2005 09:00 256 A426230A91A9DC96.job
15-01-2005 09:00 256 A44F1DF09184987C.job
15-01-2005 09:00 256 A51FF3E1900067F9.job
15-01-2005 09:00 260 A7A4D34791AF4CA3.job
15-01-2005 09:00 256 A8110BAE910E830A.job
15-01-2005 09:00 256 A87241C49185F88C.job
15-01-2005 09:00 256 A8884C97908BC377.job
15-01-2005 09:00 256 A892295591E1A4C9.job
15-01-2005 09:00 260 A8E15D0591E2CDC5.job
15-01-2005 09:00 250 A91A26489181DE24.job
15-01-2005 09:00 256 A9600EE691D78A8A.job
15-01-2005 09:00 260 A9C8C07991877761.job
15-01-2005 09:00 260 AA62B8F69089334A.job
15-01-2005 09:00 256 AA674ED490B0C0AC.job
15-01-2005 09:00 260 AABFCFF991AC4491.job
15-01-2005 09:00 260 AB6BCBA7915042F7.job
15-01-2005 09:00 260 AB964CAB91DDC2BB.job
15-01-2005 09:00 256 ABDBFFAC91B07DB4.job
15-01-2005 09:00 256 ABEBF87D90386D95.job
15-01-2005 09:00 256 AC92E44890C99604.job
15-01-2005 09:00 256 AC9DEA19919E9C95.job
15-01-2005 09:00 256 ACAE77AE91FDF43E.job
15-01-2005 09:00 260 AE1EDA0E91854AFA.job
15-01-2005 09:00 260 AE4EEE8491859F00.job
15-01-2005 09:00 256 AE62EBD791ED611B.job
15-01-2005 09:00 256 AE7CDB5E918B4C16.job
15-01-2005 09:00 260 AED2F17591856195.job
15-01-2005 09:00 260 AFC1E74E91269CAA.job
15-01-2005 09:00 260 B057CAC7903C7B93.job
15-01-2005 09:00 260 B1A5CF9690C246BA.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 09:04 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:03 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 09:05 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 09:04 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
45 bestand(en) 13.013 bytes
Map van C:\WINDOWS\system32
- Jacie,
Copy the code below into a Notepad file. Save it as deljob.bat. Make sure that under "Save as type" the following is selected: All files (*.*).
[code]
rem Switch to the system drive and the scheduled-tasks folder
%systemdrive%
cd C:\WINDOWS\Tasks
rem Clear the read-only, system and hidden attributes so that del can remove the files
attrib -r -s -h A1A1A0CC91965490.job
attrib -r -s -h A2990C5C91BA80A0.job
attrib -r -s -h A40218AD91559329.job
attrib -r -s -h A424739E91B7E6EA.job
attrib -r -s -h A426230A91A9DC96.job
attrib -r -s -h A44F1DF09184987C.job
attrib -r -s -h A51FF3E1900067F9.job
attrib -r -s -h A7A4D34791AF4CA3.job
attrib -r -s -h A8110BAE910E830A.job
attrib -r -s -h A87241C49185F88C.job
attrib -r -s -h A8884C97908BC377.job
attrib -r -s -h A892295591E1A4C9.job
attrib -r -s -h A8E15D0591E2CDC5.job
attrib -r -s -h A91A26489181DE24.job
attrib -r -s -h A9600EE691D78A8A.job
attrib -r -s -h A9C8C07991877761.job
attrib -r -s -h AA62B8F69089334A.job
attrib -r -s -h AA674ED490B0C0AC.job
attrib -r -s -h AABFCFF991AC4491.job
attrib -r -s -h AB6BCBA7915042F7.job
attrib -r -s -h AB964CAB91DDC2BB.job
attrib -r -s -h ABDBFFAC91B07DB4.job
attrib -r -s -h ABEBF87D90386D95.job
attrib -r -s -h AC92E44890C99604.job
attrib -r -s -h AC9DEA19919E9C95.job
attrib -r -s -h ACAE77AE91FDF43E.job
attrib -r -s -h AE1EDA0E91854AFA.job
attrib -r -s -h AE4EEE8491859F00.job
attrib -r -s -h AE62EBD791ED611B.job
attrib -r -s -h AE7CDB5E918B4C16.job
attrib -r -s -h AED2F17591856195.job
attrib -r -s -h AFC1E74E91269CAA.job
attrib -r -s -h B057CAC7903C7B93.job
attrib -r -s -h B1A5CF9690C246BA.job
rem Delete the randomly named .job files
del A1A1A0CC91965490.job
del A2990C5C91BA80A0.job
del A40218AD91559329.job
del A424739E91B7E6EA.job
del A426230A91A9DC96.job
del A44F1DF09184987C.job
del A51FF3E1900067F9.job
del A7A4D34791AF4CA3.job
del A8110BAE910E830A.job
del A87241C49185F88C.job
del A8884C97908BC377.job
del A892295591E1A4C9.job
del A8E15D0591E2CDC5.job
del A91A26489181DE24.job
del A9600EE691D78A8A.job
del A9C8C07991877761.job
del AA62B8F69089334A.job
del AA674ED490B0C0AC.job
del AABFCFF991AC4491.job
del AB6BCBA7915042F7.job
del AB964CAB91DDC2BB.job
del ABDBFFAC91B07DB4.job
del ABEBF87D90386D95.job
del AC92E44890C99604.job
del AC9DEA19919E9C95.job
del ACAE77AE91FDF43E.job
del AE1EDA0E91854AFA.job
del AE4EEE8491859F00.job
del AE62EBD791ED611B.job
del AE7CDB5E918B4C16.job
del AED2F17591856195.job
del AFC1E74E91269CAA.job
del B057CAC7903C7B93.job
del B1A5CF9690C246BA.job
[/code]
Restart the computer.
Create a new HijackThis log and post it.
Also create a new log with vindjob.bat. Post that as well.
Good luck.
Marc
- Logfile of HijackThis v1.99.0
Scan saved at 11:19:02, on 15-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
and now vindjob
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:18 <DIR> ..
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes
Map van C:\WINDOWS\system32
- Same story for:
[code]
rem Clear the attributes, then delete the two remaining random .job files
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A1A1A0CC91965490.job
attrib -r -s -h A45EDFE491B958A8.job
del A1A1A0CC91965490.job
del A45EDFE491B958A8.job
[/code]
Save as deljob.bat. Run the .bat.
Reboot the computer.
Afterwards, 2 new logs again.
Do you fix items in the HijackThis log yourself?
- No, I don't fix any logs. But when it comes back again, I use the newuninstall and the toolbaruninstall. However, I have the feeling that something is left behind every time, because it keeps coming back.
Regards, Jaco
(I'm going to do that deljob again shortly)
- with vindjob:
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 12:21 <DIR> .
15-01-2005 12:21 <DIR> ..
15-01-2005 12:02 256 AE1CD500912B4618.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 12:21 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 12:20 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 12:18 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 12:20 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
12 bestand(en) 4.519 bytes
Map van C:\Documents and Settings\J. Hollebrandse\Bureaublad
with HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 12:23:51, on 15-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
- [code]
rem Clear the attributes, then delete the remaining random .job file
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h AE1CD500912B4618.job
del AE1CD500912B4618.job
[/code]
Save as deljob.bat and run it.
Afterwards, please post a new HijackThis log and a new log from vindjob.bat.
For now, don't use those uninstallers unless I tell you to. Just do what I ask.
- HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 18:21:30, on 17-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\J. Hollebrandse\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
vindjob:
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
17-01-2005 18:19 <DIR> .
17-01-2005 18:19 <DIR> ..
17-01-2005 16:08 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
17-01-2005 18:16 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
17-01-2005 15:29 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
17-01-2005 18:20 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
17-01-2005 16:01 6 SA.DAT
17-01-2005 16:02 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
17-01-2005 18:19 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
11 bestand(en) 4.263 bytes
Map van C:\Documents and Settings\J. Hollebrandse\Bureaublad
- You can fix this one:
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
The problems seem solved to me?
- hey mark
I have the impression that the administrator account is clean now.
However, there is another account where I still find lop.
Should I now scan from the administrator account or from the infected account?
P.S.: sorry for replying so late
- From the infected account.
- ok marc
I scanned with hijackthis and vindjob.bat
First vindjob.bat
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:18 <DIR> ..
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes
Map van C:\WINDOWS\system32
and now hijack this
Logfile of HijackThis v1.99.0
Scan saved at 19:58:28, on 19-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
c:\progra~1\intern~1\iexplore.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Annet\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zsmrburigldgtvmldetfyv.com/EsmWrh7YNTreTY2bFnZ8KohsIRKY2IWUjiy6RuIq8ZY7J9NwsLgWs6gnFNxNixHn.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1\mail wma.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
hey, thanks a lot already for cleaning the administrator account
- Deljob.bat becomes this:
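[code]
rem Switch to the system drive and go to the scheduled tasks folder
%systemdrive%
cd C:\WINDOWS\Tasks
rem Clear the read-only, system and hidden attributes so del can remove the files
attrib -r -s -h A1A1A0CC91965490.job
attrib -r -s -h A45EDFE491B958A8.job
del A1A1A0CC91965490.job
del A45EDFE491B958A8.job
[/code]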
Fix these with Hijackthis:
[b]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zsmrburigldgtvmldetfyv.com/EsmWrh7YNTreTY2bFnZ8KohsIRKY2IWUjiy6RuIq8ZY7J9NwsLgWs6gnFNxNixHn.html
O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1\mail wma.exe
[/b]
Delete this folder: C:\DOCUME~1\Annet\APPLIC~1\KNOBRO~1
Restart and make new logs. Post them.
regards,
- hijack this:
Logfile of HijackThis v1.99.0
Scan saved at 21:10:43, on 19-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Annet\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O23 - Service: McAfee Privacy Service - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
vindjob:
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:18 <DIR> ..
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes
Map van C:\WINDOWS\system32
- I think you're not posting the right log from vindjob.bat…
It surprises me, by the way, that those random .job files are in there again..
Please check, if you would.
- Jaco,
Something really is going wrong with the vindjob log
Just compare:
[code]
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes[/code]
They do not appear in the startup list.
[code]
Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
McAfee Privacy Service - Scan door Anti-spyware.job
Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
WebReg 20041007234018.job
[/code]
I assume the problems are solved?
- I think you're right
I just scanned again and here is the result
Het volume in station C heeft geen naam.
Het volumenummer is 748D-79EA
Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:18 <DIR> ..
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
07-09-2001 13:00 65 desktop.ini
26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
15-01-2005 08:58 6 SA.DAT
15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes
Map van C:\WINDOWS\system32
- On 17-01 I see a log of yours where these 2 are missing.
[code]15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job[/code]
It seems unlikely to me that these files suddenly come back with the date 15-01…
I think this is still the wrong log.
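Added example, not part of the original thread: the two checks the helper makes by eye, spotting the random-named .job files and noticing that a reposted vindjob listing is older than the one posted before it, written as a small parser for the pasted `dir` output. The 16-hex-character name pattern is an assumption drawn from the two file names in the thread, and the two listings are shortened excerpts of the logs posted above.

```python
import re
from datetime import datetime

# One file or directory row of a `dir` listing as pasted in the thread:
# "DD-MM-YYYY HH:MM <DIR>|size name"
ROW = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+)$")
# Assumption: "random" task names look like the two in the thread,
# i.e. exactly 16 hexadecimal characters followed by .job.
RANDOM_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def parse_listing(text):
    """Return {name: (timestamp, size or None for directories)}."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # "Map van ..." header and "N bestand(en)" summary lines
        stamp = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(".", ""))
        entries[m.group(3)] = (stamp, size)
    return entries


def random_jobs(entries):
    """Names of scheduled-task files that match the random-name pattern."""
    return sorted(name for name in entries if RANDOM_JOB.match(name))


def is_stale(earlier_post, later_post):
    """True when the listing posted later carries an older directory
    timestamp than the one posted before it, so it is not a fresh scan."""
    return later_post["."][0] < earlier_post["."][0]


# Shortened excerpt of the listing dated 17-01 in the thread.
LOG_17_01 = r"""Map van c:\windows\tasks
17-01-2005 18:19 <DIR> .
17-01-2005 18:19 <DIR> ..
07-09-2001 13:00 65 desktop.ini
17-01-2005 16:01 6 SA.DAT
26-11-2004 23:40 484 WebReg 20041007234018.job
11 bestand(en) 4.263 bytes"""

# Shortened excerpt of the listing that keeps being reposted afterwards.
LOG_REPOST = r"""Map van c:\windows\tasks
15-01-2005 11:18 <DIR> .
15-01-2005 11:18 <DIR> ..
15-01-2005 11:00 256 A1A1A0CC91965490.job
15-01-2005 11:00 256 A45EDFE491B958A8.job
07-09-2001 13:00 65 desktop.ini
15-01-2005 08:58 6 SA.DAT
26-11-2004 23:40 484 WebReg 20041007234018.job
13 bestand(en) 4.775 bytes"""

if __name__ == "__main__":
    old, new = parse_listing(LOG_17_01), parse_listing(LOG_REPOST)
    print("random-named jobs in repost:", random_jobs(new))
    print("repost is a stale log:", is_stale(old, new))
```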
This is an archived page. Replying is no longer possible.