  1. #11
    Advanced
    Registered
    23 August 2008
    Posts
    379
    Thanks
    17
    Thanked
    162 times in 116 posts
    Hi,

    We'll need to bring in some heavier tools here.

    Download OTMoveIt3 (by OldTimer) to your Desktop.
      * Double-click OTMoveIt3.exe to start the tool.
      * Copy (select and press Ctrl-C) all of the bold text below:
      :Processes
      explorer.exe
      :Services
      :Reg
      :Files
      c:\windows\system32\drivers\nfr.dll.gpref
      c:\windows\system32\drivers\nfr.dll.assembly
      c:\windows\nl07.exe
      c:\windows\nlmark2.dat
      c:\windows\f5667t5.dat
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
      * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
      * Click the red MoveIt! button
      * Copy and paste the contents of the right-hand results window into your next reply,
      (or the log that you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
      * Close OTMoveIt3

    If a file or folder cannot be moved immediately,
    you may be asked to restart the PC in order to finish the move.
    In that case, click Ja/Yes.

  2. The following user thanks Black_Bird for this useful post:

    Buzze (16 February 2009)

  3. #12
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks
    293
    Thanked
    411 times in 255 posts
    This is the follow-up:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    c:\windows\system32\drivers\nfr.dll.gpref moved successfully.
    c:\windows\system32\drivers\nfr.dll.assembly moved successfully.
    c:\windows\nl07.exe moved successfully.
    c:\windows\nlmark2.dat moved successfully.
    c:\windows\f5667t5.dat moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_500.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_eec.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_ef4.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_250.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_hTebpQRIVxfXHpj scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02162009_192425

    Files moved on Reboot...
    File C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_500.dat not found!
    File C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_eec.dat not found!
    File C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_ef4.dat not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_250.dat not found!
    File C:\WINDOWS\temp\sqlite_hTebpQRIVxfXHpj not found!
    Regards, Buzze

  4. #13
    Advanced
    Hi,

    Has the computer been restarted?

    If not: do that now, then create a new log with ComboFix and post it in your next message.
    If so: create a new log with ComboFix and post it in your next message.

    Good luck

  5. The following user thanks Black_Bird for this useful post:

    Buzze (16 February 2009)

  6. #14
    Expert   Buzze's avatar
    ComboFix 09-02-15.01 - Corny 2009-02-16 19:52:38.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2046.1531 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))
    .

    2009-02-15 22:50 . 2009-02-16 19:29 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-12 08:07 . 2009-02-15 17:07 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 18:22 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-02-03 17:13 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
    2008-12-19 09:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_ 7.19.46,26 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-16 06:18:16 337,056 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-16 18:50:21 337,056 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-16 18:50:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    S3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-02-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 19:54:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"

    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-16 19:55:45
    ComboFix-quarantined-files.txt 2009-02-16 18:55:43
    ComboFix2.txt 2009-02-16 17:52:06
    ComboFix3.txt 2009-02-16 17:34:06
    ComboFix4.txt 2009-02-16 16:48:07
    ComboFix5.txt 2009-02-16 18:52:23

    Pre-Run: 87.021.568.000 bytes beschikbaar
    Post-Run: 87,005,814,784 bytes beschikbaar

    152 --- E O F --- 2009-02-12 21:47:00
    Regards, Buzze

  7. #15
    Advanced
    Hi,

    Start OTMoveIt 3.
      * Copy (select and press Ctrl-C) all of the bold text below:
      :Processes
      explorer.exe
      :Services
      :Reg
      :Files
      c:\program files\captcha5.dll
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
      * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
      * Click the red MoveIt! button
      * Copy and paste the contents of the right-hand results window into your next reply,
      (or the log that you will find as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
      * Close OTMoveIt3

    If a file or folder cannot be moved immediately,
    you may be asked to restart the PC in order to finish the move.
    In that case, click Ja/Yes.
    Last edited by Black_Bird; 17 February 2009 at 16:00

  8. #16
    Expert   Buzze's avatar
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    DllUnregisterServer procedure not found in c:\program files\captcha5.dll
    c:\program files\captcha5.dll NOT unregistered.
    c:\program files\captcha5.dll moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_93c.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_f3c.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Corny\LOCALS~1\Temp\Perflib_Perfdata_f4c.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6e8.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_DGdemOqA6VQQaks scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_172956
    Regards, Buzze

  9. #17
    Advanced
    Hi,

    Please create a new log with HijackThis and post that log in your next reply.
    Also tell me how things stand with your problems.

  10. #18
    Expert   Buzze's avatar
    Hey Black Bird,
    the problem is that I still can't get on the internet!
    I must say that it runs a lot faster. Yesterday I ran another scan with AVG and it found no fewer than 9 viruses (8 trojans and 1 worm).
    But those should have been removed!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:27:32, on 17/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [OTMoveIt] E:\OTMoveIt3.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl_ver.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    --
    End of file - 8979 bytes
    Regards, Buzze

  11. #19
    Advanced
    Hi,

    Can you post the AVG results? If so, please do.

    Also run a new scan with ComboFix and post it in your next message.

  12. #20
    Expert   Buzze's avatar
    I can't find the AVG results (the log probably wasn't saved).
    The following log is from ComboFix:

    ComboFix 09-02-15.01 - Corny 2009-02-17 18:45:49.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2046.1564 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-17 to 2009-02-17 ))))))))))))))))))))))))))))))
    .

    2009-02-16 21:51 . 2009-02-17 18:27 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-16 19:41 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-02-03 17:13 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
    2008-12-19 09:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_ 7.19.46,26 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-16 06:18:16 337,056 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-17 06:08:18 294,072 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-17 17:30:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    S3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-02-17 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-17 18:47:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"

    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(700)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-17 18:49:03
    ComboFix-quarantined-files.txt 2009-02-17 17:49:01
    ComboFix2.txt 2009-02-16 17:52:06
    ComboFix3.txt 2009-02-16 17:34:06
    ComboFix4.txt 2009-02-16 16:48:07
    ComboFix5.txt 2009-02-16 18:52:23

    Pre-Run: 87.171.829.760 bytes beschikbaar
    Post-Run: 87,156,465,664 bytes beschikbaar

    151 --- E O F --- 2009-02-12 21:47:00
    Regards, Buzze
