HijackThis log regarding browser hijacking

Anonymous
17 replies
  • I've recently had a few problems. First, it keeps trying to change the Internet Explorer start page.
    I also keep getting two icons on the desktop: "apple ipod offer" and something else about mobile phones.

    Does anyone know what this is?

    I'm posting my HijackThis log below.

    Thanks in advance.


    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:30, on 25-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    D:\Program Files\Mozilla Firefox 1.0.1\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Jaco\LOCALS~1\Temp\Rar$EX00.336\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spkkquxdstpqqddjkeolkyxs.us/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDoKCxhWbBTegiAIbYSW/nvJ.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOCUME~1\Jaco\BUREAU~1\ROLLER~1.EXE

    O4 - HKCU\..\Run: [RCT2_TT.exe] C:\DOCUME~1\Jaco\BUREAU~1\RCT2_T~1.EXE

    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOCUME~1\Jaco\BUREAU~1\MONSTE~1.EXE

    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Jaco\APPLIC~1\KNOBRO~1\mail wma.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe





  • One more thing.
    Ad-Aware, Spybot and Microsoft AntiSpyware found nothing.
    To me this looks like lop.
  • It is indeed lop.
    If you still have Messenger Plus installed, uninstall it.

    Open Notepad and copy and paste the following into it:
    [code]
    rem List the hidden .job files in the Tasks folder and open the listing in Notepad
    dir %Windir%\tasks\*.job /a:h > files.txt
    notepad files.txt
    [/code]
    Save this as findjob.bat, choose "All files" under "Save as type" and put it on your desktop.
    Double-click findjob.bat and post the contents of the text file you get, together with a new HijackThis log.

    Regards,

    Beamerke
  • OK.
    I haven't had Messenger Plus since the first time I had lop.
    Back then I got rid of it with Marc's help.

    This is what I got from findjob.bat:



    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van c:\windows\tasks

    15-01-2005 11:18 <DIR> .
    15-01-2005 11:18 <DIR> ..
    15-01-2005 11:00 256 A1A1A0CC91965490.job
    15-01-2005 11:00 256 A45EDFE491B958A8.job
    15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:18 498 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    15-01-2005 09:38 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Jaco).job
    15-01-2005 11:15 476 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Koen).job
    07-09-2001 13:00 65 desktop.ini
    26-11-2004 23:40 410 FRU Task #Hewlett-Packard#hp psc 1200 series#1097000766.job
    14-01-2005 16:00 486 McAfee Privacy Service - Scan door Anti-spyware.job
    15-01-2005 08:58 6 SA.DAT
    15-01-2005 08:58 432 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-Annet).job
    15-01-2005 11:17 452 Scannen op virussen via McAfee.com - Mijn computer (J-AQH0VEW8JJXEQ-J. Hollebrandse).job
    26-11-2004 23:40 484 WebReg 20041007234018.job
    13 bestand(en) 4.775 bytes

    Map van C:\WINDOWS\system32
  • Open Notepad and copy and paste the following into it:
    [code]
    rem Switch to the system drive, clear the attributes of the two job files and delete them
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A1A1A0CC91965490.job
    del A1A1A0CC91965490.job
    attrib -r -s -h A45EDFE491B958A8.job
    del A45EDFE491B958A8.job
    [/code]

    Save this as remjob.bat, choose "All files" under "Save as type" and put it on your desktop.
    Double-click remjob.bat.

    Reboot your PC, double-click findjob.bat and post the contents of the text file here again, together with a HijackThis log (don't forget it this time).
  • OK.
    Here it comes:


    hijack this:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:32:55, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocptezqqqsbicslpj.biz/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDomYjrH_fdZ9yAIbYSW/nvJ.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOCUME~1\Jaco\BUREAU~1\ROLLER~1.EXE

    O4 - HKCU\..\Run: [RCT2_TT.exe] C:\DOCUME~1\Jaco\BUREAU~1\RCT2_T~1.EXE

    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOCUME~1\Jaco\BUREAU~1\MONSTE~1.EXE

    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Jaco\APPLIC~1\KNOBRO~1\mail wma.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe





    findjob:




    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks

    26-03-2005 10:00 256 A0D35FE39184DE03.job
    26-03-2005 10:00 256 AA2B563691E8D106.job
    2 bestand(en) 512 bytes
    0 map(pen) 1.028.255.744 bytes beschikbaar






  • Open Notepad and copy and paste the following into it:
    [code]
    rem Switch to the system drive, clear the attributes of the two job files and delete them
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A0D35FE39184DE03.job
    del A0D35FE39184DE03.job
    attrib -r -s -h AA2B563691E8D106.job
    del AA2B563691E8D106.job
    [/code]

    Save this as remjob.bat, choose "All files" under "Save as type" and put it on your desktop.
    Double-click remjob.bat.

    Also switch off your TeaTimer and your Spy Sweeper for now, and don't let them start with Windows next time, because they can undo the changes you make to your system yourself.
    Read here how to disable TeaTimer: http://russelltexas.com/malware/teatimer.htm


    Open HijackThis and tick the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocptezqqqsbicslpj.biz/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDomYjrH_fdZ9yAIbYSW/nvJ.html
    O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe

    Close all windows except HijackThis and click "Fix checked".

    Make sure all hidden files are shown.

    Then use Explorer to find the following file and delete it:

    c:\windows\system32\bqquqi.exe <== this file


    Reboot your PC, double-click findjob.bat and post the contents of the text file here again, together with a new HijackThis log.
  • Just a remark.
    I don't have (Webroot) Spy Sweeper.
    Or do you mean a different one?
    I'll carry out your instructions and you'll get the HijackThis log shortly.

    Regards and thanks, Jaco
  • Hey, you're right.
    I see in Spybot under System Startup that it is still being run.
    I thought I had removed it.
    I'll go and have a look right away.
  • There's nothing left in that folder at all.
    So Spy Sweeper can't run any more.
    To be safe I'll still untick it under System Startup.
  • OK Beamerke.
    Here are the logs.

    findjob:

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks

    26-03-2005 13:00 256 A0D35FE39184DE03.job
    26-03-2005 13:00 256 AA2B563691E8D106.job
    2 bestand(en) 512 bytes
    0 map(pen) 1.028.534.272 bytes beschikbaar


    hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 13:21:15, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\Program Files\Mozilla Firefox 1.0.1\firefox.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


  • OK, we're making progress :wink:

    Open Notepad and copy and paste the following into it:
    [code]
    rem Switch to the system drive, clear the attributes of the two job files and delete them
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h A0D35FE39184DE03.job
    del A0D35FE39184DE03.job
    attrib -r -s -h AA2B563691E8D106.job
    del AA2B563691E8D106.job
    [/code]

    Save this as remjob.bat, choose "All files" under "Save as type" and put it on your desktop.
    Double-click remjob.bat.

    Reboot your PC, double-click findjob.bat and post the contents of the text file here again.
  • ok

    Findjob.bat

    Het volume in station C heeft geen naam.
    Het volumenummer is 748D-79EA

    Map van C:\WINDOWS\tasks


    Looks good.
  • It does indeed look good :wink:
    Could you post a HijackThis log once more? It's just that I want to be really sure that everything is actually gone :wink:
  • hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:37:19, on 26-3-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Jaco\Bureaublad\HijackThis.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: hp psc 1000 series.lnk.disabled
    O4 - Global Startup: hpoddt01.exe.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - D:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - D:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe





    And thanks, Beamerke


  • OK, now I'm reassured too. Your log is clean!! :D :D :D

    Have fun again :D
  • OK Beamerke.
    Thanks for everything.
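
Added example, not part of the original thread: the before/after comparison the helper does by eye between scans, written as a Python check that confirms the lines ticked for "Fix checked" are gone, reports every other entry that changed, and picks the 16-hex-digit .job names out of a findjob.bat listing. The function names are hypothetical; the sample lines are excerpts of the logs and listings posted above.

```python
import re

# A HijackThis item line: section code (R0, R1, O4, O23, ...), " - ", entry text.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Task files named with exactly 16 hex digits, the naming pattern seen in this thread.
HEX_JOB_RE = re.compile(r"(?:^|\s)([0-9A-Fa-f]{16}\.job)\s*$")


def parse_items(log_text):
    """Map a case-insensitive key to each item line of a HijackThis log."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            section, entry = m.groups()
            # Path case differs between scans in this thread (mcupdate.exe vs
            # McUpdate.exe), so compare case-folded but keep the original text.
            items[(section, entry.casefold())] = f"{section} - {entry}"
    return items


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two scans against the list of lines that were ticked for fixing."""
    before, after = parse_items(before_log), parse_items(after_log)
    fixed = parse_items("\n".join(fixed_lines))
    return {
        # Ticked lines that survived the fix and the reboot.
        "still_present": sorted(after[k] for k in fixed.keys() & after.keys()),
        # Entries that disappeared although nobody ticked them: review these.
        "other_removed": sorted(
            before[k] for k in before.keys() - after.keys() - fixed.keys()
        ),
        # Entries that are new in the second scan.
        "added": sorted(after[k] for k in after.keys() - before.keys()),
    }


def hex_named_jobs(dir_output):
    """Return the 16-hex-digit .job file names found in a 'dir' listing."""
    found = []
    for line in dir_output.splitlines():
        m = HEX_JOB_RE.search(line)
        if m:
            found.append(m.group(1))
    return found


# Excerpt of the 26-3-2005 10:32:55 log from the thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocptezqqqsbicslpj.biz/6v_UgJKjfrdGVlVl/35eOi8GJlK76KS0_R2SMNGZFDomYjrH_fdZ9yAIbYSW/nvJ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
O4 - HKLM\..\Run: [bqquqi] c:\windows\system32\bqquqi.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp3 vc] C:\DOCUME~1\Jaco\APPLIC~1\KNOBRO~1\mail wma.exe
"""

# Excerpt of the 26-3-2005 13:21:15 log from the thread.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
"""

# The two lines the helper asked to tick before "Fix checked".
FIXED_LINES = [
    line for line in BEFORE_LOG.splitlines()
    if line.startswith("R1 - ") or "[bqquqi]" in line
]

# Lines taken from the findjob.bat listings posted in the thread.
DIR_OUTPUT = """
26-03-2005 13:00 256 A0D35FE39184DE03.job
26-03-2005 13:00 256 AA2B563691E8D106.job
15-01-2005 08:54 478 Controle op updates door McAfee.com (J-AQH0VEW8JJXEQ-Annet).job
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIXED_LINES)
    for name, lines in report.items():
        print(f"{name}:")
        for line in lines:
            print(f"  {line}")
    print("hex-named jobs:", hex_named_jobs(DIR_OUTPUT))
```

On these excerpts the ticked lines are gone and nothing was added, but two HKCU Run entries also disappeared between the scans, which is the kind of side change worth confirming with the user before calling a log clean.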
