
Many pop-ups and very slow


  • Many pop-ups and very slow

    Hello,

    Since yesterday I have been getting a lot of pop-ups and my computer has suddenly become much slower.
    I have already run Ad-Aware, but it did not help. My virus scanner AVG also keeps finding threats.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:52, on 27-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Ryangelo\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe
    C:\DOCUME~1\Ryangelo\LOCALS~1\Temp\Rar$EX02.188\HijackThis.exe
    E:\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NBKeyScan] "C:\downloaded software\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\Nero 8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 6727 bytes

  • #2
    Hi Ryangelo,

    Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
      While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next post, together with a fresh HijackThis log.

    - Daniël



    • #3
      ComboFix 08-02-25.3 - Ryangelo 2008-02-28 13:57:02.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.547 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Ryangelo\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\accdd.ini
      C:\WINDOWS\system32\accdd.ini2
      C:\WINDOWS\system32\cbxxwwx.dll
      C:\WINDOWS\system32\ddcca.dll
      C:\WINDOWS\system32\khfgdby.dll
      C:\WINDOWS\system32\opnmjih.dll
      C:\WINDOWS\system32\qomllkj.dll
      C:\WINDOWS\system32\ssqpqom.dll
      C:\WINDOWS\system32\wycdd.ini
      C:\WINDOWS\system32\wycdd.ini2
      C:\WINDOWS\system32\yayxxwt.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
      .

      2008-02-27 15:09 . 2008-02-27 15:09 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-27 14:52 . 2008-02-27 15:00 <DIR> d-------- C:\Program Files\winvi
      2008-02-26 23:46 . 2008-02-27 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-26 11:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
      2008-02-26 11:03 . 2008-02-26 11:03 395 --a------ C:\WINDOWS\ODBC.INI
      2008-02-26 10:51 . 2008-02-26 10:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
      2008-02-26 10:51 . 2008-02-26 10:51 <DIR> d-------- C:\Program Files\Microsoft.NET
      2008-02-20 20:24 . 2008-02-27 00:00 636 --a------ C:\WINDOWS\system32\tversity.cookies
      2008-02-20 09:28 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
      2008-02-20 09:28 . 2007-06-03 14:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
      2008-02-20 09:28 . 2007-06-03 14:31 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
      2008-02-20 09:28 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
      2008-02-20 09:26 . 2008-02-20 09:28 <DIR> d-------- C:\Program Files\TVersity Codec Pack
      2008-02-17 00:18 . 2008-02-17 00:18 <DIR> d--h----- C:\WINDOWS\PIF
      2008-02-14 15:42 . 2008-02-14 15:42 <DIR> d-------- C:\Program Files\Belastingdienst
      2008-02-13 00:19 . 2008-02-13 00:19 <DIR> d-------- C:\Documents and Settings\Ryangelo\Application Data\Nokia Multimedia Player
      2008-02-01 16:10 . 2008-02-01 16:11 <DIR> d-------- C:\Documents and Settings\Ryangelo\Phone Browser
      2008-02-01 16:10 . 2008-02-01 16:10 <DIR> d-------- C:\Documents and Settings\Ryangelo\Application Data\Datalayer
      2008-02-01 14:11 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\Ryangelo\Application Data\Nokia
      2008-02-01 14:11 . 2008-02-01 14:11 <DIR> d-------- C:\Documents and Settings\Ryangelo\Application Data\InstallShield
      2008-02-01 14:07 . 2008-02-01 14:07 <DIR> d-------- C:\Program Files\DIFX
      2008-02-01 14:06 . 2008-02-01 14:06 <DIR> d-------- C:\Program Files\Common Files\PCSuite
      2008-02-01 14:06 . 2008-02-01 14:06 <DIR> d-------- C:\Program Files\Common Files\Nokia
      2008-02-01 14:06 . 2008-02-01 14:07 <DIR> d-------- C:\Documents and Settings\Ryangelo\Application Data\PC Suite
      2008-02-01 14:06 . 2008-02-01 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
      2008-02-01 14:06 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
      2008-02-01 14:06 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
      2008-02-01 14:06 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
      2008-02-01 14:06 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
      2008-02-01 14:06 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
      2008-02-01 14:06 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
      2008-02-01 14:05 . 2008-02-01 14:06 <DIR> d-------- C:\Program Files\Nokia
      2008-02-01 14:05 . 2008-02-01 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
      2008-02-01 14:05 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-28 08:07 --------- d-----w C:\Documents and Settings\Ryangelo\Application Data\AVG7
      2008-02-27 12:06 --------- d-----w C:\Documents and Settings\Ryangelo\Application Data\uTorrent
      2008-02-26 09:24 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-26 09:18 --------- d-----w C:\Program Files\PowerISO
      2008-02-23 07:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-02-20 08:28 --------- d-----w C:\Program Files\ffdshow
      2008-01-25 11:16 --------- d-----w C:\Documents and Settings\Ryangelo\Application Data\Hewlett-Packard
      2008-01-25 11:09 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-01-25 11:08 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-01-25 10:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
      2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
      2008-01-17 14:12 --------- d-----w C:\Documents and Settings\Ryangelo\Application Data\Ahead
      2008-01-15 20:28 --------- d-----w C:\Program Files\Windows Desktop Search
      2008-01-15 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
      2008-01-15 15:46 --------- d-----w C:\Program Files\Common Files\Ahead
      2008-01-15 15:42 --------- d-----w C:\Program Files\Nero
      2008-01-15 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-01-15 12:59 --------- d-----w C:\Program Files\Windows Live
      2008-01-15 07:59 --------- d-----w C:\Program Files\MSXML 4.0
      2008-01-15 05:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-14 11:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-01-14 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-01-14 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-01-13 20:33 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-01-13 19:29 --------- d-----w C:\Program Files\TVersity
      2008-01-13 18:25 --------- d-----w C:\Program Files\uTorrent
      2008-01-13 18:14 --------- d-----w C:\Program Files\Eset
      2008-01-13 17:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-01-13 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-13 16:22 --------- d-----w C:\Program Files\Canon
      2008-01-13 16:17 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-01-13 16:14 --------- d-----w C:\Program Files\Netropa
      2008-01-13 15:55 --------- d-----w C:\Program Files\microsoft frontpage
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04D57857-4402-4445-A5EC-8640D49C6A6E}]
      C:\WINDOWS\system32\ddcyw.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
      "WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
      "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2001-03-01 23:07 143360]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-13 18:12 579072]
      "NBKeyScan"="C:\downloaded software\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\Nero 8\Nero BackItUp\NBKeyScan.exe" [ ]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
      "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
      "Cmaudio"="cmicnfg.cpl"
      "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 18:12 219136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
      "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
      "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 15:18]
      R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 16:18]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-26 11:16:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1201259601.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-28 14:04:29
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\TVersity\Media Server\MediaServer.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
      C:\Program Files\Netropa\Onscreen Display\OSD.exe
      C:\Program Files\Netropa\InetKb\Inetkb.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-28 14:06:30 - machine was rebooted [Ryangelo]
      ComboFix-quarantined-files.txt 2008-02-28 13:06:20
      .
      2008-02-27 14:11:05 --- E O F ---

      HIJACK LOG

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:09:11, on 28-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TVersity\Media Server\MediaServer.exe
      C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
      C:\Program Files\Netropa\Onscreen Display\OSD.exe
      C:\Program Files\Netropa\InetKb\Inetkb.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      E:\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fetchtoday.com/start.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {04D57857-4402-4445-A5EC-8640D49C6A6E} - C:\WINDOWS\system32\ddcyw.dll (file missing)
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [NBKeyScan] "C:\downloaded software\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\Nero 8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
      O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

      --
      End of file - 7306 bytes



      • #4
        Hi Ryangelo,

        Start HijackThis and choose 'Do a system scan only'.
        When the scan is complete, tick only the line below in HijackThis:

        O2 - BHO: (no name) - {04D57857-4402-4445-A5EC-8640D49C6A6E} - C:\WINDOWS\system32\ddcyw.dll (file missing)


        Now close all windows except HijackThis itself and click 'Fix checked'.
        If a question about backups comes up, answer it with 'Yes', and then close HijackThis.

        How are your problems after that?

        - Daniël
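
Added example, not part of the original thread and not code from HijackThis or ComboFix: comparing the two HijackThis logs posted above shows which entries appeared between the 27-2-2008 and 28-2-2008 scans, and picks out the BHO entry marked "(file missing)" that is ticked in the step above. The two excerpts are a few lines copied from those logs; the function names are this example's own.

```python
import re

# Constructed input: a few lines copied from the first (27-2-2008) log in this thread.
LOG_BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Constructed input: a few lines copied from the second (28-2-2008) log in this thread.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fetchtoday.com/start.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04D57857-4402-4445-A5EC-8640D49C6A6E} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# A HijackThis result line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# O2 detail: "BHO: <name> - {CLSID} - <dll path>[ (file missing)]".
# The name itself may contain " - ", so it is matched lazily up to the CLSID.
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return (section, detail) for every result line, in log order.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (added, removed): entries only in the later / only in the earlier scan."""
    old, new = parse_entries(before), parse_entries(after)
    old_set, new_set = set(old), set(new)
    added = [e for e in new if e not in old_set]
    removed = [e for e in old if e not in new_set]
    return added, removed


def parse_bho(detail):
    """Split an O2 detail string into name, CLSID, path and a 'missing' flag."""
    m = BHO_RE.match(detail)
    if not m:
        return None
    return {
        "name": m.group("name"),
        "clsid": m.group("clsid"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def orphaned_bhos(log_text):
    """BHO registrations whose DLL HijackThis reports as '(file missing)'."""
    found = []
    for section, detail in parse_entries(log_text):
        if section != "O2":
            continue
        bho = parse_bho(detail)
        if bho and bho["missing"]:
            found.append(bho)
    return found


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in added:
        print("+", section, "-", detail)
    for section, detail in removed:
        print("-", section, "-", detail)
    for bho in orphaned_bhos(LOG_AFTER):
        print("orphaned BHO:", bho["clsid"], bho["path"])
```

An entry that shows up in the diff is only a candidate for review; which line to fix remains the helper's call, as in the post above.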



        • #5
          I have just carried out the instructions and, as it looks now, the problem is solved.
          If anything changes, I will let you know.

          Thanks a lot,



          • #6
            You're welcome

            Please also remove ComboFix, like this:
            Go to Start - Run, type: ComboFix /U and click OK.

            - Daniël



            • #7
              When I try to remove ComboFix, it says that it cannot find ComboFix.



              • #8
                Had you by any chance already deleted ComboFix from your desktop? If so, download it again, and then repeat the removal steps



                • #9
                  Sorry, but I keep getting the same message: it cannot find it, so I cannot remove it that way.



                  • #10
                    Hmm.. then just delete ComboFix from your desktop and leave it at that
