View full version: logfile HijackThis scorpio_charly



scorpio_charly
31 August 2005, 11:23
Logfile of HijackThis v1.99.1
Scan saved at 11:14:43, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\powerman.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Videobewerking\Daemon Tools\daemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ONDERH~1\ASHAMP~1\PopUpKiller.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Onderhoud PC\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xbauhiuxkc.com/FJXSAAUyRDPGzNm2BnDCOdPAR_ULFLz8tf5s5FYW2o0mC3e/Z8TD217VrZnR770e.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\ONDERH~1\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Onderhoud PC\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2AC4556-167F-6F7A-DC63-612FD8257ED9} - C:\DOCUME~1\KARLSI~1\APPLIC~1\BOWSMA~1\defy base.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Videobewerking\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SHOW EQ MAPI BOLT] C:\Documents and Settings\All Users\Application Data\Vga View Show Eq\Lockscomp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\ONDERH~1\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [vga browse] C:\DOCUME~1\KARLSI~1\APPLIC~1\COALAI~1\idle view.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {297F2B65-017C-11D5-A128-00D0B7869AD6} (SpectorPhotoUploader Control) - http://www.spector.be/import/spu.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/2/en/SysWebTelecomInt.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

jurgenv
31 August 2005, 13:14
* go to Start ==> Control Panel ==> Add or Remove Programs and uninstall the following:
messenger plus <== you installed it with the sponsors! That explains the icons on your desktop and the blue taskbar at the bottom of Internet Explorer

* open HijackThis and check the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xbauhiuxkc.com/FJXSAAUyR...7VrZnR770e.html
O2 - BHO: (no name) - {F2AC4556-167F-6F7A-DC63-612FD8257ED9} - C:\DOCUME~1\KARLSI~1\APPLIC~1\BOWSMA~1\defy base.exe
O4 - HKLM\..\Run: [SHOW EQ MAPI BOLT] C:\Documents and Settings\All Users\Application Data\Vga View Show Eq\Lockscomp.exe
O4 - HKCU\..\Run: [vga browse] C:\DOCUME~1\KARLSI~1\APPLIC~1\COALAI~1\idle view.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/2/e...bTelecomInt.cab

* then close all windows except HijackThis and click 'Fix checked'

* start your PC in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Make hidden folders and files visible:
Start -> Control Panel -> Folder Options -> View
then remove the check mark next to "Hide protected operating system files"
at the bottom of this list, put a check mark next to "Show hidden files and folders" and finish by clicking OK.

* delete the following folders:

C:\Documents and Settings\All Users\Application Data\Vga View Show Eq
C:\Documents and Settings\KARLSI~1\Application Data\BOWSMA~1 <== the folder that starts with the letters 'BOWSMA'
C:\Documents and Settings\KARLSI~1\Application Data\COALAI~1 <== the folder that starts with the letters 'COALAI'

* start your PC normally again

* Open Notepad and copy and paste the following into it:


dir %Windir%\tasks /a h > files.txt
notepad files.txt


* Save this as findjobs.bat, choose "All Files" as the file type, and put it on your desktop.
Double-click findjobs.bat and post the contents of the text file you then get here, together with a new HijackThis log.

scorpio_charly
1 September 2005, 19:29
When uninstalling Messenger Plus I removed only the sponsors. As a result, some of the things I had to check had already been removed. After this
Map van C:\WINDOWS\tasks

01/09/2005 19:04 <DIR> .
01/09/2005 19:04 <DIR> ..
11/09/2002 14:00 65 desktop.ini
26/08/2005 17:30 294 One Button Checkup van Norton SystemWorks.job
01/09/2005 19:10 6 SA.DAT
30/08/2005 00:00 322 Symantec Drmc.job
12/10/2004 17:54 414 Symantec NetDetect.job
96 bestand(en) 25.129 bytes

Map van C:\Documents and Settings\Karl Simoens\Bureaublad
follows the new log. Thanks for the help.

jurgenv
1 September 2005, 20:21
* Open Notepad and copy and paste the following into it:

%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h A00F13E2918091C6.job
del A00F13E2918091C6.job
attrib -r -s -h A19458899183D0AD.job
del A19458899183D0AD.job
attrib -r -s -h A1ECD5B991834E05.job
del A1ECD5B991834E05.job
attrib -r -s -h A26FC3FB91807743.job
del A26FC3FB91807743.job
attrib -r -s -h A2FFA65B918421BB.job
del A2FFA65B918421BB.job
attrib -r -s -h A3245DD99183DBD5.job
del A3245DD99183DBD5.job
attrib -r -s -h A42032EF9183AD5F.job
del A42032EF9183AD5F.job
attrib -r -s -h A447EC7B918066E3.job
del A447EC7B918066E3.job
attrib -r -s -h A455D90E918A52A2.job
del A455D90E918A52A2.job
attrib -r -s -h A523F66691806DFE.job
del A523F66691806DFE.job
attrib -r -s -h A56E454B9195FEB7.job
del A56E454B9195FEB7.job
attrib -r -s -h A608611E91881B06.job
del A608611E91881B06.job
attrib -r -s -h A644EA4F9153658F.job
del A644EA4F9153658F.job
attrib -r -s -h A7047FC791B7FB43.job
del A7047FC791B7FB43.job
attrib -r -s -h A7CFE88C91949E2C.job
del A7CFE88C91949E2C.job
attrib -r -s -h A7DED89A91B14CB2.job
del A7DED89A91B14CB2.job
attrib -r -s -h A7DF9ED0918417E0.job
del A7DF9ED0918417E0.job
attrib -r -s -h A813122491808900.job
del A813122491808900.job
attrib -r -s -h A81BBDCF9180343B.job
del A81BBDCF9180343B.job
attrib -r -s -h A83C127E9183894E.job
del A83C127E9183894E.job
attrib -r -s -h A85780FC918037C4.job
del A85780FC918037C4.job
attrib -r -s -h A8781CCE918393CE.job
del A8781CCE918393CE.job
attrib -r -s -h A89BCB45918041B5.job
del A89BCB45918041B5.job
attrib -r -s -h A8CFB4D291842ADE.job
del A8CFB4D291842ADE.job
attrib -r -s -h A900D173918348CB.job
del A900D173918348CB.job
attrib -r -s -h A92CDDAF9183558F.job
del A92CDDAF9183558F.job
attrib -r -s -h A954D792919B51FE.job
del A954D792919B51FE.job
attrib -r -s -h A968FC5D91837379.job
del A968FC5D91837379.job
attrib -r -s -h A9A025A99183DCC9.job
del A9A025A99183DCC9.job
attrib -r -s -h A9BBA8EF9180207F.job
del A9BBA8EF9180207F.job
attrib -r -s -h A9BC0C35918382A5.job
del A9BC0C35918382A5.job
attrib -r -s -h A9C4E7F291839F1E.job
del A9C4E7F291839F1E.job
attrib -r -s -h A9CC1AF2918391FA.job
del A9CC1AF2918391FA.job
attrib -r -s -h A9EB9AA9918411C1.job
del A9EB9AA9918411C1.job
attrib -r -s -h AA241A8C91838F94.job
del AA241A8C91838F94.job
attrib -r -s -h AA48418F9183F617.job
del AA48418F9183F617.job
attrib -r -s -h AA52DB6B91A14FCB.job
del AA52DB6B91A14FCB.job
attrib -r -s -h AA6C291C9183DDBC.job
del AA6C291C9183DDBC.job
attrib -r -s -h AA9D363A91A2A692.job
del AA9D363A91A2A692.job
attrib -r -s -h AABC1FF391839447.job
del AABC1FF391839447.job
attrib -r -s -h AACC14CF918388CF.job
del AACC14CF918388CF.job
attrib -r -s -h AAD9174A918A952A.job
del AAD9174A918A952A.job
attrib -r -s -h AAE0E49F918398A3.job
del AAE0E49F918398A3.job
attrib -r -s -h AAE411369183855E.job
del AAE411369183855E.job
attrib -r -s -h AAE41EAA91839352.job
del AAE41EAA91839352.job
attrib -r -s -h AB040B7191838139.job
del AB040B7191838139.job
attrib -r -s -h AB08E1B891839764.job
del AB08E1B891839764.job
attrib -r -s -h AB3CED4191836351.job
del AB3CED4191836351.job
attrib -r -s -h AB40F88B91836E3F.job
del AB40F88B91836E3F.job
attrib -r -s -h AB4C1E9491839414.job
del AB4C1E9491839414.job
attrib -r -s -h AB4CFE78918373F8.job
del AB4CFE78918373F8.job
attrib -r -s -h AB5643DE9185F79E.job
del AB5643DE9185F79E.job
attrib -r -s -h AB67225E9184D7E2.job
del AB67225E9184D7E2.job
attrib -r -s -h AB7C1CBF91839277.job
del AB7C1CBF91839277.job
attrib -r -s -h AB846C5A9183E222.job
del AB846C5A9183E222.job
attrib -r -s -h AB84AE0E91872322.job
del AB84AE0E91872322.job
attrib -r -s -h AB8CB016911F5F5E.job
del AB8CB016911F5F5E.job
attrib -r -s -h ABBFC5C791807B2F.job
del ABBFC5C791807B2F.job
attrib -r -s -h ABC0000F9183B943.job
del ABC0000F9183B943.job
attrib -r -s -h AC092EBC918AA194.job
del AC092EBC918AA194.job
attrib -r -s -h AC0B9C3591800EF1.job
del AC0B9C3591800EF1.job
attrib -r -s -h AC5312F4918486E4.job
del AC5312F4918486E4.job
attrib -r -s -h AC6772CA9344EDF6.job
del AC6772CA9344EDF6.job
attrib -r -s -h AC83091D9180BB41.job
del AC83091D9180BB41.job
attrib -r -s -h ACDA048D9181B6B9.job
del ACDA048D9181B6B9.job
attrib -r -s -h ACDF87219184395D.job
del ACDF87219184395D.job
attrib -r -s -h AD0CF3D991836799.job
del AD0CF3D991836799.job
attrib -r -s -h AD3C1CED918390E5.job
del AD3C1CED918390E5.job
attrib -r -s -h AD58E3D491839740.job
del AD58E3D491839740.job
attrib -r -s -h ADF2E89A91A962A2.job
del ADF2E89A91A962A2.job
attrib -r -s -h AE1BAAA391885B63.job
del AE1BAAA391885B63.job
attrib -r -s -h AE2CDD41918B4EC9.job
del AE2CDD41918B4EC9.job
attrib -r -s -h AE5841DE9183F24A.job
del AE5841DE9183F24A.job
attrib -r -s -h AEA8A29A918352E6.job
del AEA8A29A918352E6.job
attrib -r -s -h AEAA20F09181D15C.job
del AEAA20F09181D15C.job
attrib -r -s -h AEAB46A49180F904.job
del AEAB46A49180F904.job
attrib -r -s -h AED06184918011B8.job
del AED06184918011B8.job
attrib -r -s -h AED3E235906495E5.job
del AED3E235906495E5.job
attrib -r -s -h AED7910391A80543.job
del AED7910391A80543.job
attrib -r -s -h AEF9EF8D918A6E15.job
del AEF9EF8D918A6E15.job
attrib -r -s -h AF0439E3918BB357.job
del AF0439E3918BB357.job
attrib -r -s -h AF1326EE9180D8C2.job
del AF1326EE9180D8C2.job
attrib -r -s -h AF18596C9183CB58.job
del AF18596C9183CB58.job
attrib -r -s -h AF1FD24E91845062.job
del AF1FD24E91845062.job
attrib -r -s -h AF2C5D749183CF5C.job
del AF2C5D749183CF5C.job
attrib -r -s -h AF2C5EF39183D0D3.job
del AF2C5EF39183D0D3.job
attrib -r -s -h AFA236259181A789.job
del AFA236259181A789.job
attrib -r -s -h AFB479699183EAE9.job
del AFB479699183EAE9.job
attrib -r -s -h AFC45B0691BFCDF6.job
del AFC45B0691BFCDF6.job
attrib -r -s -h AFE8B36D918724B5.job
del AFE8B36D918724B5.job
attrib -r -s -h B6453E92911EAF5E.job
del B6453E92911EAF5E.job

* Save this as remjobs.bat, choose "All Files" as the file type, and put it on your desktop.
Double-click remjobs.bat. A DOS window will quickly open and close. This is normal.


* Double-click findjobs.bat again and post a new log from it together with a new HijackThis log
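
Added example (not part of the original thread and not jurgenv's own script): the .job files that remjobs.bat deletes all have 16-character hexadecimal names, while the Norton and Symantec jobs are left alone. This Python sketch parses a findjobs.bat-style `dir` listing, separates the two groups, and generates the same attrib/del pairs. The function names and the sample listing are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Dutch-locale `dir` output posted in
# this thread. The three hex-named jobs are made up; the other names are the
# legitimate entries that appear in the thread's listings.
SAMPLE_LISTING = r"""
 Map van C:\WINDOWS\tasks

01/09/2005  19:04    <DIR>          .
01/09/2005  19:04    <DIR>          ..
01/09/2005  19:00               264 AAAA0000BBBB1111.job
01/09/2005  19:00               264 A1B2C3D4E5F60718.job
01/09/2005  19:00               268 0123456789ABCDEF.job
11/09/2002  14:00                65 desktop.ini
26/08/2005  17:30               294 One Button Checkup van Norton SystemWorks.job
01/09/2005  19:10                 6 SA.DAT
12/10/2004  17:54               414 Symantec NetDetect.job
               7 bestand(en)          1.575 bytes
"""

# date, time, size (or <DIR>), file name (may contain spaces)
ENTRY = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$"
)
# Exactly 16 hex digits plus .job: the naming pattern of the deleted files.
HEX_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def parse_listing(text):
    """Return (date, time, size, name) per file; skip headers, totals, <DIR>."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(3) == "<DIR>":
            continue
        size = int(re.sub(r"[.,]", "", m.group(3)))  # drop thousands separators
        entries.append((m.group(1), m.group(2), size, m.group(4)))
    return entries


def triage(entries):
    """Split .job files into hex-named ones and named ones to leave alone."""
    jobs = [e for e in entries if e[3].lower().endswith(".job")]
    suspect = [e for e in jobs if HEX_JOB.match(e[3])]
    keep = [e for e in jobs if not HEX_JOB.match(e[3])]
    return suspect, keep


def same_batch(suspect):
    """Most common (date, time) stamp among the suspects and its count.

    Many files written in the same minute point to one automated drop.
    """
    if not suspect:
        return None
    return Counter((d, t) for d, t, _, _ in suspect).most_common(1)[0]


def removal_script(suspect):
    """Emit the attrib/del pair per file that remjobs.bat spells out by hand.

    Names were matched against HEX_JOB, so no shell metacharacter can reach
    the generated batch file.
    """
    lines = ["%systemdrive%", r"cd %WinDir%\Tasks"]
    for _, _, _, name in suspect:
        lines.append(f"attrib -r -s -h {name}")
        lines.append(f"del {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    suspect, keep = triage(parse_listing(SAMPLE_LISTING))
    print("left alone:", [e[3] for e in keep])
    print("same-minute batch:", same_batch(suspect))
    print(removal_script(suspect))
```

Review the "left alone" list before running the generated batch file, since the hex-name rule is a heuristic drawn from this one case.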

scorpio_charly
2 September 2005, 00:32
As requested, the following log. How many times do you have to do it like this?



De volumenaam van station C is BOOT
Het volumenummer is 2CA8-6C61
Map van C:\WINDOWS\tasks

02/09/2005 00:27 <DIR> .
02/09/2005 00:27 <DIR> ..
11/09/2002 14:00 65 desktop.ini
26/08/2005 17:30 294 One Button Checkup van Norton SystemWorks.job
02/09/2005 00:13 6 SA.DAT
30/08/2005 00:00 322 Symantec Drmc.job
12/10/2004 17:54 414 Symantec NetDetect.jo

jurgenv
2 September 2005, 17:16
ok, and the HijackThis log?

scorpio_charly
3 September 2005, 12:10
Logfile of HijackThis v1.99.1
Scan saved at 12:07:01, on 3/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\powerman.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Videobewerking\Daemon Tools\daemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ONDERH~1\ASHAMP~1\PopUpKiller.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Onderhoud PC\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\ONDERH~1\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Onderhoud PC\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Videobewerking\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\ONDERH~1\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {297F2B65-017C-11D5-A128-00D0B7869AD6} (SpectorPhotoUploader Control) - http://www.spector.be/import/spu.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

jurgenv
3 September 2005, 12:30
looks good, are you still experiencing problems?

scorpio_charly
6 September 2005, 08:33
Everything looks good now. Thanks for the help

jurgenv
6 September 2005, 16:05
you're welcome