  1. #1
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts

    Can someone please analyse this log

    I can't get on the internet with the laptop any more!
    This is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:59, on 15/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\system\smss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe
    C:\windows\nl07.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe"
    O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha
    O4 - HKLM\..\Run: [sysnltray2] C:\windows\nl07.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl_ver.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    --
    End of file - 9844 bytes
    Regards, Buzze

  2. #2
    Advanced  
    Registered
    23 August 2008
    Posts
    379
    Thanks given
    17
    Thanked
    162 times in 116 posts
    Hi,

    1. Start HijackThis again and choose Do a system scan only.
    Tick the following lines, if present:
    • O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
      O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha
      O4 - HKLM\..\Run: [sysnltray2] C:\windows\nl07.exe

    Now close all windows first!
    Then click Fix Checked at the bottom.
    Then close HijackThis.

    2. Download Combofix to your Desktop.
    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while using Combofix, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    • Double-click Combofix.exe to start it.
    • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
    • Click OK in the "NirCmd" window.
    • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    • Click OK and Yes to have the Recovery Console installed automatically.
    • Afterwards, click Yes again to start the malware scan.
    • While the fix is running, do NOT click in the window, as this will make your PC hang.
    • When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply, together with a new HijackThis log.

  3. The following user thanks Black_Bird for this useful post:

    Buzze (15 February 2009)
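The reasoning the helper applies to the first log (entries pointing at a file that no longer exists, an IE proxy forced to localhost:7070, a DLL in the Program Files root loaded through rundll, an .exe dropped straight into C:\Windows, and a service named NFAgent running an smss.exe from outside System32) can be written down as repeatable triage rules. The following Python is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. The sample lines are copied from the first log above, and the rules are heuristics chosen here, not a vendor's signatures.

```python
"""Triage rules for HijackThis log entries.

Added example: not code from the thread, from HijackThis or from ComboFix.
It encodes the reasoning the helper applied to the log above as simple
checks, so the same kind of log can be screened repeatably.  SAMPLE_LOG is
a subset of the first log in the thread; the rules are heuristics chosen
here, not a vendor's signatures.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One HijackThis entry: "O4 - ...", "R1 - ...", etc.  Header and process-list
# lines do not match and are ignored.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")
# First Windows path ending in a binary extension (spaces in folder names allowed).
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|scr)\b', re.IGNORECASE)

# Core Windows binaries that only belong in System32 (Windows XP layout assumed).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "svchost.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32"}


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. "O4"
    reason: str   # why the entry was flagged
    line: str     # the original log line


def _first_path(body: str) -> Optional[str]:
    """Return the first binary path in an entry body, lower-cased, or None."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one log line; None means nothing stood out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    low = body.lower()

    # Rule 1: entries whose target no longer exists are leftovers worth removing.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(kind, "target file is missing (orphaned entry)", line)

    # Rule 2: a proxy on the local machine sends all IE traffic through some local
    # process; once that process is removed, browsing breaks entirely.
    if kind == "R1" and "proxyserver" in low and ("localhost" in low or "127.0.0.1" in low):
        return Finding(kind, "IE proxy forced to a local port", line)

    path = _first_path(body)
    if path is None:
        return None
    folder, name = path.rsplit("\\", 1)

    # Rule 3: a core system binary name used from outside System32.
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        return Finding(kind, f"{name} running from outside System32", line)

    # Rule 4: an autostart .exe dropped straight into C:\Windows.  Heuristic only:
    # a few vendor tools, such as Realtek's RTHDCPL.EXE, legitimately live there.
    if kind == "O4" and folder == "c:\\windows" and name.endswith(".exe"):
        return Finding(kind, "autostart executable directly in C:\\Windows", line)

    # Rule 5: rundll loading a DLL that sits in the Program Files root.
    if kind == "O4" and "rundll" in low and folder == "c:\\program files" and name.endswith(".dll"):
        return Finding(kind, "rundll loading a DLL from the Program Files root", line)

    return None


def triage_log(text: str) -> List[Finding]:
    """Run the rules over a whole log and return the flagged entries in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


# Constructed sample: a subset of the entries from the first log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha
O4 - HKLM\..\Run: [sysnltray2] C:\windows\nl07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run on the sample, the rules flag exactly the entries the helper picked out (the two orphaned {A057A204-...} entries, Captcha5, sysnltray2) plus the localhost proxy and the NFAgent service, while the Java, ATI and Google entries pass. The proxy entry is the one that explains the symptom: with the local proxy process removed, IE still tries to connect through localhost:7070, so the setting has to be cleared as well.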

  4. #3
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts
    Hey Blackbird,
    thanks for the quick reply,
    here are the two logs:

    ComboFix 09-02-14.01 - Corny 2009-02-15 21:23:04.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2046.1410 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\system\smss.exe
    c:\program files\system\smss.exe.assembly
    c:\windows\system32\drivers\nfr.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NFR.SYS
    -------\Service_nfr.sys

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))
    .
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:50 . 2009-02-15 20:07 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:54 . 2009-02-12 23:54 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-12 22:38 . 2009-02-15 19:59 <DIR> d-------- c:\windows\system32\485594
    2009-02-12 22:38 . 2009-02-12 22:38 10,244 --a------ c:\windows\system32\drivers\nfr.dll
    2009-02-12 22:38 . 2009-02-12 22:38 0 --a------ c:\windows\system32\drivers\nfr.dll.assembly
    2009-02-12 08:07 . 2009-02-15 21:23 <DIR> d-------- c:\program files\system
    2009-02-12 08:07 . 2009-02-12 08:07 22,528 ---h----- c:\windows\nl07.exe
    2009-02-12 08:07 . 2009-02-15 17:07 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\nlmark2.dat
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\f5667t5.dat
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 18:22 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    R2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]
    R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [2005-09-30 21504]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map
    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    2009-02-15 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    - - - - ORPHANS VERWIJDERD - - - -
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    HKLM-Run-NWEReboot - (no file)

    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    ************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-15 21:27:13
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    ************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(688)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\windows\system32\Crypserv.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\o2flash.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    .
    ************************************************************************
    .
    Voltooingstijd: 2009-02-15 21:30:21 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-15 20:30:17
    Pre-Run: 86.146.588.672 bytes beschikbaar
    Post-Run: 86,208,643,072 bytes beschikbaar
    175 --- E O F --- 2009-02-12 21:47:00

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:36, on 15/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Documents and Settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl_ver.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    --
    End of file - 9007 bytes
    Regards, Buzze

  5. #4
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts
    Started the laptop this morning and getting on the internet does not work!
    Even though it worked again after the ComboFix run!
    Regards, Buzze

  6. #5
    Advanced  
    Registered
    23 August 2008
    Posts
    379
    Thanks given
    17
    Thanked
    162 times in 116 posts
    Hi,

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    c:\windows\system32\drivers\nfr.dll.gpref
    c:\windows\nl07.exe
    c:\program files\captcha5.dll
    c:\windows\nlmark2.dat
    c:\windows\f5667t5.dat
    Folder::
    c:\windows\system32\485594
    c:\program files\system

    Save the Notepad file as CFScript.txt
    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file will open.
    Post the contents of the log file.

  7. The following user thanks Black_Bird for this useful post:

    Buzze (16 February 2009)

  8. #6
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts
    Here is the log:
    ComboFix 09-02-14.01 - Corny 2009-02-16 17:44:56.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2046.1538 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    gebruikte Opdracht switches :: E:\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\system
    c:\program files\system\smss.exe.gpref
    c:\windows\system32\485594
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))
    .
    2009-02-15 22:50 . 2009-02-15 22:50 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:54 . 2009-02-12 23:54 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-12 22:38 . 2009-02-12 22:38 0 --a------ c:\windows\system32\drivers\nfr.dll.assembly
    2009-02-12 08:07 . 2009-02-12 08:07 22,528 ---h----- c:\windows\nl07.exe
    2009-02-12 08:07 . 2009-02-15 17:07 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\nlmark2.dat
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\f5667t5.dat
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 18:22 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-02-03 17:13 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
    2008-12-19 09:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_7.19.46,26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-16 16:27:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]
    R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [2005-09-30 21504]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map
    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    2009-02-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    ************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 17:47:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    ************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-16 17:48:06
    ComboFix-quarantined-files.txt 2009-02-16 16:48:03
    ComboFix2.txt 2009-02-16 06:20:29
    Pre-Run: 87.078.526.976 bytes beschikbaar
    Post-Run: 87,063,183,360 bytes beschikbaar
    161 --- E O F --- 2009-02-12 21:47:00
    Regards, Buzze
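    The logs above carry a few indicators a defender would want to pick out quickly: a service whose binary is missing or uses a core system file name under Program Files, and an Internet Settings proxy that points at localhost. The following triage script is an added example, not code from the thread or from HijackThis/ComboFix; the regular expressions are written against the line formats shown in these posts, and the sample input is constructed from them.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example, not from
the thread). It flags the indicator types visible in the logs above: a service
binary that is missing or borrows a core system file name outside the Windows
directory, and a ProxyServer setting that points at the local machine.
"""
import re
from pathlib import PureWindowsPath

# Core Windows file names that malware dropped in other directories often borrows.
SYSTEM_BINARY_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe",
}

O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)(?: \((file missing)\))?$")
CF_SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
WIN_PATH_RE = re.compile(r"[a-z]:\\[^\[\]]*?\.(?:exe|sys|dll)", re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")


def borrowed_system_name(path):
    """True for a core system file name that does not live under <drive>:\\windows."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    in_windows = len(parts) > 1 and parts[1] == "windows"
    return parts[-1] in SYSTEM_BINARY_NAMES and not in_windows


def check_o23(line):
    """HijackThis O23 service line -> (name, path, reasons) or None."""
    m = O23_RE.match(line)
    if not m:
        return None
    name, _owner, path, note = m.groups()
    reasons = []
    if note:
        reasons.append("service binary reported as file missing")
    if borrowed_system_name(path):
        reasons.append("core system file name outside the Windows directory")
    return (name, path, reasons) if reasons else None


def check_combofix_service(line):
    """ComboFix R?/S? driver or service line -> (name, path, reasons) or None."""
    m = CF_SERVICE_RE.match(line)
    if not m:
        return None
    _start, svc, _display, rest = m.groups()
    path_m = WIN_PATH_RE.search(rest)
    if not path_m:
        return None
    path = path_m.group(0)
    reasons = []
    if rest.rstrip().endswith("[?]"):
        reasons.append("ComboFix could not verify the image file ([?])")
    if borrowed_system_name(path):
        reasons.append("core system file name outside the Windows directory")
    return (svc, path, reasons) if reasons else None


def check_proxy(line):
    """ProxyServer line -> finding when the proxy is the local machine; once the
    local proxy process has been removed, every browser connection fails."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    value = m.group(1)
    for entry in value.split(";"):  # "host:port" or "proto=host:port;..."
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return ("ProxyServer", value, ["browser proxy points at the local machine"])
    return None


def triage(log_text):
    """Return one finding dict per suspicious line of a pasted log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_o23, check_combofix_service, check_proxy):
            hit = check(line)
            if hit:
                findings.append(dict(zip(("name", "target", "reasons"), hit)))
                break
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = http=localhost:7070
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']} -> {f['target']}: {'; '.join(f['reasons'])}")
```

    Legitimate entries such as the ATI service and the AVG watchdog pass through without a finding, so the output is only the handful of lines worth checking by hand.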

  9. #7
    Advanced  
    Registered
    23 August 2008
    Posts
    379
    Thanks given
    17
    Thanked
    162 times in 116 posts
    Hi,

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    c:\windows\system32\drivers\nfr.dll.gpref
    c:\windows\system32\drivers\nfr.dll.assembly
    c:\windows\nl07.exe
    c:\windows\nlmark2.dat
    c:\windows\f5667t5.dat
    c:\windows\system32\drivers\kbd.sys
    Driver::
    kbd

    Save the Notepad file as CFScript.txt
    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file will open.
    Post the contents of the log file.

  10. The following user thanks Black_Bird for this useful post:

    Buzze (16 February 2009)

  11. #8
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts
    Here is my log:
    ComboFix 09-02-15.01 - Corny 2009-02-16 18:27:31.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2046.1539 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    gebruikte Opdracht switches :: E:\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Service_kbd

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))
    .
    2009-02-15 22:50 . 2009-02-16 17:48 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:54 . 2009-02-12 23:54 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-12 22:38 . 2009-02-12 22:38 0 --a------ c:\windows\system32\drivers\nfr.dll.assembly
    2009-02-12 08:07 . 2009-02-12 08:07 22,528 ---h----- c:\windows\nl07.exe
    2009-02-12 08:07 . 2009-02-15 17:07 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\nlmark2.dat
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\f5667t5.dat
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 18:22 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_7.19.46,26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-16 17:31:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    S3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map
    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    2009-02-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    ************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 18:31:35
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    ************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\windows\system32\Crypserv.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\o2flash.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\msiexec.exe
    .
    ************************************************** ************************
    .
    Voltooingstijd: 2009-02-16 18:34:04 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-16 17:34:01
    ComboFix2.txt 2009-02-16 16:48:07
    ComboFix3.txt 2009-02-16 06:20:29
    Pre-Run: 87.048.683.520 bytes beschikbaar
    Post-Run: 87,035,412,480 bytes beschikbaar
    170 --- E O F --- 2009-02-12 21:47:00
    Regards, Buzze

  12. #9
    Advanced  
    Registered
    23 August 2008
    Posts
    379
    Thanks given
    17
    Thanked
    162 times in 116 posts
    Run CFScript once more, and post the new log

  13. The following user thanks Black_Bird for this useful post:

    Buzze (16 February 2009)

  14. #10
    Expert   Buzze's avatar
    Registered
    11 May 2005
    Location
    Menen
    Posts
    586
    Thanks given
    293
    Thanked
    411 times in 255 posts
    Here is the log:

    ComboFix 09-02-15.01 - Corny 2009-02-16 18:49:35.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2046.1523 [GMT 1:00]
    Gestart vanuit: E:\ComboFix.exe
    gebruikte Opdracht switches :: E:\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))
    .
    2009-02-15 22:50 . 2009-02-16 18:34 <DIR> dr-h----- c:\documents and settings\Corny\Onlangs geopend
    2009-02-15 20:06 . 2009-02-15 20:06 <DIR> d-------- c:\program files\Trend Micro
    2009-02-15 19:04 . 2009-02-15 19:04 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-15 17:25 . 2009-02-15 17:25 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-02-15 17:25 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-02-15 17:25 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-02-12 23:54 . 2009-02-12 23:54 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
    2009-02-12 23:50 . 2009-02-12 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-02-12 22:47 . 2009-02-12 22:47 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-12 22:38 . 2009-02-12 22:38 0 --a------ c:\windows\system32\drivers\nfr.dll.assembly
    2009-02-12 08:07 . 2009-02-12 08:07 22,528 ---h----- c:\windows\nl07.exe
    2009-02-12 08:07 . 2009-02-15 17:07 16,896 -r-hs---- c:\program files\captcha5.dll
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\nlmark2.dat
    2009-02-12 08:07 . 2009-02-12 08:07 1 ---h----- c:\windows\f5667t5.dat
    2009-01-30 18:23 . 2009-01-30 18:23 <DIR> d-------- c:\documents and settings\Corny\Application Data\Ulead Systems
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-15 18:22 --------- d-----w c:\documents and settings\Corny\Application Data\LimeWire
    2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-02-15 16:25 --------- d-----w c:\program files\Google
    2009-02-15 16:19 --------- d-----w c:\program files\Samsung
    2009-02-15 16:19 --------- d-----w c:\documents and settings\Corny\Application Data\Samsung
    2009-02-15 16:10 --------- d-----w c:\program files\Java
    2009-02-03 17:13 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-03 17:13 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-02-03 17:13 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-24 15:22 --------- d-----w c:\program files\LimeWire
    2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2008-12-31 18:29 --------- d-----w c:\program files\MSECache
    2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
    2008-12-19 09:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2007-06-07 18:17 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-06-07 18:17 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-06-07 18:17 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_7.19.46,26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-16 17:31:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "WLAN"="c:\windows\system32\WLan.exe" [2005-11-25 221184]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ExtraFilmHemmaAgent"="c:\documents and settings\Corny\Mijn documenten\Spector Photo Software\Agent.exe" [2006-10-03 323584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-12 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-03 18:13 10520 c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2medi a.sys [2006-02-27 34880]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.s ys [2006-02-20 29056]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-07 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-07 107272]
    R1 kioport;kioport Library Driver;c:\windows\system32\drivers\kioport.sys [2006-07-26 3968]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-15 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
    S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
    S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
    S3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [2005-09-30 5120]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nfrsvc REG_MULTI_SZ NFRAgent
    .
    Inhoud van de 'Gedeelde Taken' map
    2009-02-12 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    2009-02-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    ************************************************** ************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 18:51:00
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    ************************************************** ************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCap Svc.exe\"\00\00\00\00\02\00\00\000
    [%\00«Ô‘|\00\00\00\00˜\1d5\03\00\00\00\00h\0e5\03\00\00.\03pè\13\00pè\13\00À\01"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-16 18:52:04
    ComboFix-quarantined-files.txt 2009-02-16 17:52:02
    ComboFix2.txt 2009-02-16 17:34:06
    ComboFix3.txt 2009-02-16 16:48:07
    ComboFix4.txt 2009-02-16 06:20:29
    Pre-Run: 87.025.545.216 bytes beschikbaar
    Post-Run: 87,010,271,232 bytes beschikbaar
    156 --- E O F --- 2009-02-12 21:47:00
    Groetjes Buzze
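The ComboFix report in the post above lists autostart entries in a regular shape: Run-key values as `"name"="path" [date size]`, services as `Rn/Sn name;display;image [date size]`, and Internet Explorer settings as `uKey = value`. When a helper reads such a log, the first pass is mechanical: pull out every image path and compare it with a baseline of where core system binaries are supposed to live, note any entry ComboFix could not stat (it prints `[?]` instead of a date and size), and look at anything that changes how the browser reaches the network. The script below is an added example by the editor, not code from Buzze's post and not ComboFix's own logic. The sample lines are constructed after the report above, and the `EXPECTED_DIR` baseline is an assumption about a stock Windows XP install. A hit from these checks is a prompt to verify (which program listens on that port, what the file's hash and signer are), not a verdict that the machine is infected.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines, shaped like the ComboFix report in the post above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-15 1601304]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-15 298264]
S2 NFAgent;NFAgent;c:\program files\system\smss.exe /pid=6004 --> c:\program files\system\smss.exe [?]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2004-09-10 14336]
uInternet Settings,ProxyServer = http=localhost:7070
"""

# Assumed baseline: the directory each core Windows XP binary runs from on a
# stock install. A binary with one of these names anywhere else gets flagged.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Line shapes taken from the ComboFix report format.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
SVC_RE = re.compile(r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
META_RE = re.compile(r'\s*\[(?P<meta>[^\]]*)\]$')
IMAGE_RE = re.compile(r'^(?P<image>.+?\.(?:exe|sys|dll))', re.IGNORECASE)
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (?P<proxy>.+)$')
LOCAL_RE = re.compile(r'(?:localhost|127\.0\.0\.1):(?P<port>\d+)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def check_image(path: str) -> Optional[str]:
    """Return a reason string if a core system binary name runs from an unexpected directory."""
    base = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    expected = EXPECTED_DIR.get(base)
    if expected and directory != expected:
        return f"{base} running from {directory!r}, expected {expected!r}"
    return None


def analyse(report: str) -> List[Finding]:
    """Walk a ComboFix-style report and collect entries worth a second look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            reason = check_image(run.group("path"))
            if reason:
                findings.append(Finding(line, reason))
            continue
        svc = SVC_RE.match(line)
        if svc:
            rest = svc.group("rest")
            img = IMAGE_RE.match(rest)
            image = img.group("image") if img else rest
            reason = check_image(image)
            if reason:
                findings.append(Finding(line, reason))
            meta = META_RE.search(rest)
            if meta and meta.group("meta").strip() == "?":
                findings.append(Finding(line, f"no date/size recorded for {image}"))
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            local = LOCAL_RE.search(proxy.group("proxy"))
            if local:
                findings.append(Finding(line, f"IE proxy points at local port {local.group('port')}"))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_REPORT):
        print(f"{finding.reason}\n    {finding.line}")
```

Run against the constructed sample this reports three items: a service whose image is named like a core system process but lives outside `c:\windows\system32`, the same service entry carrying `[?]` instead of a date and size, and an Internet Explorer proxy pointing at a port on the local machine. Each of those is exactly what a reviewer then checks by hand; the script only saves the reading.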