View full version : vmmdiag32.exe



senna
25 February 2007, 11:09
Hello,

When the PC starts up I get this message: vmmdiag32.exe

Please find a HijackThis log below

thank you
Logfile of HijackThis v1.99.1
Scan saved at 10:10:20, on 25/02/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DirectX64] C:\WINNT\System32\DirectXset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wormexe] MNTP.exe
O4 - HKLM\..\Run: [borlandg] jopplerg.exe
O4 - HKLM\..\Run: [ms] c:\msupd02.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Uninstall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//303/Eyetide%20Installer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.telenet.be/gamezone/classes/ExentCtl.ocx
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/ssxtricky/ea/wtinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4841/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05B4B9CC-B90E-4CD9-ABBA-80DBD9771050}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Juisterr
25 February 2007, 11:15
Download and install CCleaner (http://www.ccleaner.com/ccdownload.asp)
(The CCleaner Yahoo Toolbar is not needed)
Do not use it yet.

Install hijackthis.exe in, for example, C:\Program Files\Hijackthis
This is because of the backups this program makes.

Download FixWareout from one of the following links:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and double-click Fixwareout.exe.
Click "Next", then "Install".
Make sure "Run Fixit" is checked and then click "Finish".
Follow the on-screen instructions.
If you are asked to restart the computer, do so.
It will take somewhat longer for the computer to fully restart. This is normal.
Once your desktop has loaded, a text file will open (report.txt).

Note! If your antivirus has a script blocker you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and click "Run".
Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

Restart the PC in Safe Mode.
Safe mode for Windows XP
Restart the computer
As soon as your computer has finished loading the BIOS (black screen with white letters, or another splash screen) and just before Windows loads,
tap the F8 key (or the F5 key) until you reach the Windows options menu
Choose to start in Safe Mode there using the arrow keys, then press Enter

Double-click the SDFix folder and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleaning process.
Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The fix tool will start working again and continue the removal process, then Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
Copy/paste the contents of this Report.txt into your next reply here, together with a new HijackThis log



Print out the instructions below, because you will have to restart the computer during the fix.
(copy the text into e.g. Word and print it)

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:


O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O4 - HKLM\..\Run: [wormexe] MNTP.exe
O4 - HKLM\..\Run: [borlandg] jopplerg.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w.../ea/wtinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05B4B9CC-B90E-4CD9-ABBA-80DBD9771050}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

The following items are optional to fix:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE



Open Explorer ("My Computer") and choose Tools -> Folder Options...
Under View, check the following settings:

Uncheck: Hide protected operating system files (recommended)
Uncheck: Hide extensions for known file types

Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders

Delete the following directories:
C:\Program Files\Common Files\BOONTY Shared\Service\

If you have problems with the internet connection, do the following:
Go to Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

Post the contents of the log you can find here: C:\fixwareout\report.txt; also post a new HijackThis log.

Start CCleaner.
CCleaner lets you configure what should be cleaned.
Now select only the following items:
Internet Explorer:
- Temporary Internet files
System:
- Empty Recycle Bin
- Temporary files
Now click Run Cleaner in CCleaner (bottom right).

Please also post a new HJT log.
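
Editor's added example, between the two posts and not part of either of them nor of HijackThis or Fixwareout: the triage a helper does by eye on the log above, written as a small Python script run over a handful of lines copied from that log. It flags the O17 NameServer entries when they fall in a watch-listed resolver range, any O20 Winlogon Notify package outside a partial allow-list, O4 Run entries that launch a bare filename (resolved through the PATH search) or an executable sitting in the drive root, and BHOs registered with no file on disk. Assumptions: the 85.255.112.0/20 prefix is inferred from the two NameServer values in the posted log, the Winlogon Notify allow-list is a partial list of the packages shipped with Windows 2000/XP, and the sample log below is constructed for the example.

```python
"""Triage a HijackThis log for the kinds of entries singled out in the thread above.

Added example: not code from the original post, from HijackThis or from Fixwareout.
"""
import ipaddress
import re

# Resolver ranges to treat as hostile. Assumption for this example: the prefix
# below is derived from the two NameServer values in the posted log
# (85.255.115.74 and 85.255.112.129); feed it your own intelligence in practice.
SUSPECT_DNS_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# Partial allow-list of Winlogon Notify packages that ship with Windows 2000/XP.
# Assumption: anything not listed deserves a look; extend it for your own build.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

RE_O2 = re.compile(r"^O2 - BHO: .* - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<pkg>\S+) - (?P<path>.*)$")

# Constructed sample: lines copied from the log posted above, plus one benign
# O17 line (192.168.1.1) to show the resolver rule does not fire on everything.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wormexe] MNTP.exe
O4 - HKLM\..\Run: [borlandg] jopplerg.exe
O4 - HKLM\..\Run: [ms] c:\msupd02.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""


def first_token(cmd):
    """Return the executable part of an O4 command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    m = RE_O17.match(line)
    if m:
        hits = []
        for tok in re.split(r"[ ,]+", m.group("servers").strip()):
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                continue  # not an address (HijackThis sometimes prints names here)
            if any(ip in net for net in SUSPECT_DNS_NETS):
                hits.append(str(ip))
        if hits:
            return ("high", "NameServer points at watch-listed resolver(s): " + ", ".join(hits))
        return None
    m = RE_O20.match(line)
    if m:
        if m.group("pkg").lower() not in KNOWN_NOTIFY:
            return ("high", "Winlogon Notify package not in the allow-list: " + m.group("path"))
        return None
    m = RE_O4.match(line)
    if m:
        exe = first_token(m.group("cmd"))
        if "\\" not in exe:
            # Legitimate Windows binaries (mobsync.exe, rundll32.exe) trigger this too;
            # it is a prompt to verify the file, not a verdict.
            return ("medium", "Run entry uses a bare filename resolved via PATH search: " + exe)
        if re.fullmatch(r"[A-Za-z]:\\[^\\]+", exe):
            return ("medium", "Run entry launches an executable from the drive root: " + exe)
        return None
    m = RE_O2.match(line)
    if m and m.group("path").strip().lower() == "(no file)":
        return ("low", "orphaned BHO registration (no file on disk)")
    return None


def triage(log_text):
    """Scan a whole log; findings come back ordered high -> low, each with its source line."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        hit = check_line(line)
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line})
    findings.sort(key=lambda f: order[f["severity"]])  # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

On the sample this returns seven findings: both the O17 resolver entry and the O20 rpcc.dll entry as high, the three O4 entries the helper put on the fix list (plus the benign-but-bare rundll32 line) as medium, and the orphaned BHO as low. Note that the O20 line is not on the fix list in the post above, which is exactly the kind of entry an allow-list check catches before a human misses it; the bare-filename rule is deliberately noisy and is meant to be cleared by hand.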

senna
25 February 2007, 13:26
@Juisterr

thanks for your help

first, the Fixwareout report below
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csucg.exe"
»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}7793D6509299-50DA-6314-DCF8-A0BC9E41{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}2CC1B192E948-8158-B004-677B-DB49C705{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}1906E7A4D049-F0DB-3244-5B80-80AC1C5F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}BC3001B3B639-99CB-7DC4-B92D-5617FEB0{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}8406C27840DD-6F19-E3A4-F4C2-0FAD9CDF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}72412D0541B0-797B-8BC4-A88F-B79473FF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}E27DF5CAAA49-64EA-9D44-ED82-FF84FDD6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}0A6FBAC0E6CC-D8DA-AAB4-FFAC-67FE4102{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}54C47AF324E2-C5C8-2724-460F-2D9F134F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}9B6DF4F531E2-FCEA-8144-59AE-EE2FA72F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "12" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "13" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "14" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "15" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "16" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "17" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "18" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "19" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "20" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "21" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "22" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "23" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "24" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "25" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "26" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "27" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "28" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "29" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "30" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "31" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "32" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "33" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "34" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "35" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "36" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "37" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "38" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "39" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "40" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "41" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "42" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "43" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "44" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "45" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "46" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "47" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "48" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "49" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "50" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "51" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "52" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "53" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "54" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "55" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "56" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "57" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "58" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "59" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}25DBA9ABC89D-0038-5954-4BE4-5D2105D2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}234EA0B33031-9828-1B64-4798-EB5E2C19{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}8C143CABF9C6-D95B-FF54-BB7A-EB25A09C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}B40BE1D6FBD3-E269-0CB4-5AB3-E24FAA50{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "}EF95DB20D426-599A-D144-3DD2-85126E08{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runs "cylmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "owt" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\All Users\Favorieten\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorieten\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorieten\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorieten\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorieten\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorieten\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorieten\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorieten\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorieten\View ADULT photos of REAL GIRLS!.url Deleted
C:\WINNT\RDT.INI Deleted
C:\Documents and Settings\All Users\Favorieten\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorieten\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favorieten\Spyware Uninstall Deleted
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"DirectX64"="C:\\WINNT\\System32\\DirectXset.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"wormexe"="MNTP.exe"
"borlandg"="jopplerg.exe"
"ms"="c:\\msupd02.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

now the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 12:26:53, on 25/02/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//303/Eyetide%20Installer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.telenet.be/gamezone/classes/ExentCtl.ocx
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://downloads.telenet.be/tisp/ols/fscax.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4841/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
and the SDFix report
SDFix: Version 1.68
Run by Administrator - zo 25/02/2007 @ 12:00:42,83
Microsoft Windows 2000 [versie 5.00.2195]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\uniq - Deleted

ADS Check:
C:\WINNT\system32
No streams found.

Final Check:
Remaining Services:
------------------

Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :
C:\WINNT\Temp\OLD45.tmp
C:\WINNT\Temp\OLD47.tmp
C:\WINNT\Temp\OLD41.tmp
C:\WINNT\Temp\OLD42.tmp
C:\WINNT\Temp\OLD31.tmp
C:\WINNT\Temp\OLD32.tmp
C:\WINNT\Temp\OLD35.tmp
C:\WINNT\Temp\OLD36.tmp
C:\WINNT\Temp\OLD20.tmp
C:\WINNT\Temp\OLD15.tmp
C:\WINNT\Temp\OLD16.tmp
C:\WINNT\Temp\OLD21.tmp
C:\WINNT\Temp\OLD97.tmp
C:\WINNT\Temp\OLD98.tmp
C:\WINNT\Temp\OLD92.tmp
C:\WINNT\Temp\OLD93.tmp
C:\WINNT\Temp\OLD10.tmp
C:\WINNT\Temp\OLD11.tmp
C:\WINNT\Temp\OLD5E.tmp
C:\WINNT\Temp\$_2341233.TMP
C:\WINNT\Temp\$_2341235.TMP
C:\Documents and Settings\Administrator.bak\Local Settings\Temp\$b17a2e8.tmp
Add/Remove Programs List:
AVG 7.5
DivX 5.0.2 Pro Bundle
DivX Codec
eCleaner 2.02
HijackThis 1.99.1
Microsoft Internet Explorer 6 SP1
Windows 2000-hotfix (SP4) KB810217
Windows 2000-hotfix (SP4) KB817606
Windows 2000-hotfix (SP4) KB822679
Windows 2000-hotfix - KB823182
Windows 2000-hotfix - KB823559
Windows 2000-hotfix - KB823980
Windows 2000-hotfix - KB824105
Windows 2000-hotfix - KB824141
Windows 2000-hotfix - KB824146
Windows 2000-hotfix - KB825119
Windows 2000-hotfix - KB826232
Windows 2000-hotfix - KB828028
Windows 2000-hotfix - KB828035
Windows 2000-hotfix - KB828741
Windows 2000-hotfix - KB828749
Windows 2000-hotfix - KB835732
Windows 2000-hotfix - KB837001
Windows 2000-hotfix - KB839645
Windows 2000-hotfix - KB840315
Windows 2000-hotfix - KB840987
Windows 2000-hotfix - KB841356
Windows 2000-hotfix - KB841533
Windows 2000-hotfix - KB841872
Windows 2000-hotfix - KB841873
Windows 2000-hotfix - KB842526
Windows 2000-hotfix - KB842773
Microsoft Data Access Components KB870669
Windows 2000-hotfix - KB871250
Windows 2000-hotfix - KB873333
Windows 2000-hotfix - KB873339
Windows 2000-hotfix - KB885250
Windows 2000-hotfix - KB885835
Windows 2000-hotfix - KB885836
Windows 2000-hotfix - KB888113
Windows 2000-hotfix - KB890046
Windows 2000-hotfix - KB890047
Windows 2000-hotfix - KB890175
Windows 2000-hotfix - KB890859
Windows 2000-hotfix - KB891711
Windows 2000-hotfix - KB891781
Windows 2000-hotfix - KB893066
Windows 2000-hotfix - KB893086
Windows 2000-hotfix - KB894320
Windows 2000-hotfix - KB896358
Windows 2000-hotfix - KB896422
Macromedia Shockwave Player
NVIDIA Windows 2000/XP Display Drivers
Windows 2000-hotfix (SP4) Q329553
Windows 2000-hotfix (SP4) Q811493
Windows 2000-hotfix (sp4) Q814033
Windows 2000-hotfix (SP4) Q815021
QuickTime
Shockwave
Macromedia Flash Player 8
SpywareBlaster v3.5.1
Microsoft VGX Q833989
WinZip
Ad-Aware SE Personal
Microsoft Office XP Professional
Java 2 Runtime Environment, SE v1.4.0
Finished

many thanks for the help

Juisterr
27 February 2007, 09:46
Well Senna, are your problems gone now, or do you still have problems??

senna
27 February 2007, 14:28
@Juisterr

Thanks for the help.
No more problems

Juisterr
27 February 2007, 21:35
To prevent reinfection via System Restore, it is advisable to delete the existing System Restore points by temporarily disabling System Restore.


- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Check "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go back to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Uncheck "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC
- A new, clean restore point has now been created

Here are some more tips: tips (http://www.jawwi.nl/tips/beveiligen.html)

senna
28 February 2007, 15:42
@JUISTERR
Thanks for the tips, but does that work with Windows 2000?

Juisterr
1 March 2007, 12:45
It did when I had W2000, but that one was a bit pimped, so. Who knows, maybe that's not the case for you.

Otherwise, try this.

* Clean the cache and cookies in IE:

Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Check: Delete all offline content, click OK
* Clean the cache and cookies in Firefox (if Firefox is installed):

Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clean other temporary files + Recycle Bin

Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files that need to be removed
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
Then click OK.


good luck.
Juisterr