
Windows is behaving strangely.


Guest lemby

ok here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:46, on 8-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Rose Online\Mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6717DA9C-4C48-4D2E-8822-B3CC9094023E} (XionesWebStarter Control) - http://www.xiones.com/gameexec/XionesWebStarter.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Digital Identity Service (InfoCard Service) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Rose.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8117 bytes


Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or delete them!


  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with a new HijackThis log.

ok

Combofix log:

ComboFix 09-03-06.02 - marco visser 09-03-2009 12:11:01.3 - NTFSx86
Gestart vanuit: d:\documenten en settings\marco visser\Bureaublad\ComboFix.exe
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system\

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-02-09 to 2009-03-09  ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 19:29    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\Xfire
2009-03-08 17:00    ---------    d-----w    c:\program files\Norton Security Scan
2009-03-08 12:37    ---------    d-----w    c:\program files\Warcraft III
2009-03-07 16:32    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\LimeWire
2009-03-07 16:31    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\BitTorrent
2009-03-07 16:31    ---------    d-----w    c:\program files\BitTorrent
2009-03-06 11:24    ---------    d-----w    c:\program files\Xfire
2009-03-03 18:57    ---------    d-----w    c:\program files\Free Download Manager
2009-03-03 18:04    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\DNA
2009-03-03 18:03    ---------    d-----w    c:\program files\Neffy
2009-03-03 17:50    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\Free Download Manager
2009-02-26 22:43    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\Echo Software
2009-02-26 22:42    ---------    d-----w    c:\program files\Programmer's Notepad
2009-02-26 18:46    42,320    ----a-w    c:\windows\system32\xfcodec.dll
2009-02-22 00:53    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\PowerSHAPE
2009-02-22 00:48    ---------    d-----w    c:\program files\Common Files\Delcam
2009-02-22 00:47    ---------    d-----w    c:\program files\Delcam
2009-02-22 00:24    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\TeamViewer
2009-02-22 00:05    ---------    d-----w    c:\program files\TeamViewer
2009-02-13 17:01    ---------    d-----w    c:\program files\Cheat Engine
2009-02-12 13:30    ---------    d-----w    d:\documenten en settings\All Users\Application Data\avg8
2009-02-12 13:29    325,128    ----a-w    c:\windows\system32\drivers\avgldx86.sys
2009-02-12 13:29    107,272    ----a-w    c:\windows\system32\drivers\avgtdix.sys
2009-02-12 13:29    10,520    ----a-w    c:\windows\system32\avgrsstx.dll
2009-02-04 21:47    ---------    d-----w    d:\documenten en settings\All Users\Application Data\F6D
2009-02-04 21:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\160
2009-02-03 18:30    34    ----a-w    d:\documenten en settings\marco visser\jagex_runescape_preferences.dat
2009-01-28 21:01    ---------    d-----w    d:\documenten en settings\All Users\Application Data\D290
2009-01-28 20:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\1A186
2009-01-22 21:52    ---------    d-----w    c:\program files\Sun
2009-01-22 21:50    ---------    d-----w    c:\program files\Java
2009-01-21 18:35    ---------    d-----w    d:\documenten en settings\All Users\Application Data\298C
2009-01-21 18:23    ---------    d-----w    d:\documenten en settings\All Users\Application Data\142DE
2009-01-21 18:21    ---------    d-----w    d:\documenten en settings\All Users\Application Data\3A2DE
2009-01-20 22:21    ---------    d-----w    c:\program files\Common Files\Common Share
2009-01-20 15:40    ---------    d-----w    c:\program files\Microsoft.NET
2009-01-18 21:24    ---------    d-----w    d:\documenten en settings\All Users\Application Data\36AB
2009-01-18 13:38    ---------    d-----w    d:\documenten en settings\All Users\Application Data\11FA
2009-01-18 10:51    ---------    d-----w    d:\documenten en settings\All Users\Application Data\331F4
2009-01-17 16:08    ---------    d-----w    d:\documenten en settings\All Users\Application Data\151C5
2009-01-17 15:53    ---------    d-----w    c:\program files\SystemRequirementsLab
2009-01-17 15:50    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\SystemRequirementsLab
2009-01-15 21:25    ---------    d-----w    d:\documenten en settings\All Users\Application Data\2F
2009-01-15 12:15    ---------    d-----w    d:\documenten en settings\All Users\Application Data\E29F
2009-01-13 12:12    43,520    ----a-w    c:\windows\system32\CmdLineExt03.dll
2009-01-12 17:46    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\Leadertech
2009-01-12 17:46    ---------    d-----w    d:\docume~1\MARCOV~1\APPLIC~1\Atari
2009-01-12 17:45    ---------    d-----w    c:\program files\Common Files\PocketSoft
2009-01-12 17:42    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-12 17:42    ---------    d-----w    c:\program files\Atari
2009-01-11 11:08    ---------    d-----w    c:\program files\Maxis
2009-01-09 19:29    ---------    d-----w    c:\program files\THQ
2008-12-23 20:58    453,152    ----a-w    c:\windows\system32\NVUNINST.EXE
2008-12-21 17:42    410,984    ----a-w    c:\windows\system32\deploytk.dll
2008-12-20 23:03    826,368    ----a-w    c:\windows\system32\wininet.dll
2007-10-22 13:42    152    -c--a-w    d:\documenten en settings\marco visser\brdgInst.bat
2004-10-01 13:00    40,960    ----a-w    c:\program files\Uninstall_CDS.exe
2008-09-28 10:58    32,768    --sha-w    c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092820080929\index.dat
.

(((((((((((((((((((((((((((((   SnapShot@di 03-03-2009_20.03.22,82   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 18:04:42    170,084    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
+ 2009-03-06 11:26:31    378,060    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
- 2009-03-03 19:02:57    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-09 11:12:44    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-09 10:48:23    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_50c.dat
+ 2009-03-09 10:48:47    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_7d0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [26-12-2008 00:08 13680640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [09-07-2007 19:07 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [21-12-2008 18:42 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [02-03-2006 13:00 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [02-03-2006 13:00 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [12-02-2009 14:29 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [26-12-2008 00:08 86016]
"nwiz"="nwiz.exe" [26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [14-04-2008 18:02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
12-02-2009 14:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 16-12-2008 21:16 637232 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 19-01-2005 16:34 128000 c:\program files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 19-07-2007 07:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 19-01-2007 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 09-07-2001 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 26-12-2008 00:08 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 26-12-2008 00:08 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 02-11-2004 19:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 14-03-2007 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09-07-2007 19:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 02-11-2006 21:53 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 31-10-2005 20:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 02-03-2006 01:22 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 16-06-2006 03:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=
"c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"=
"d:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\java.exe"=
"c:\\Sierra\\Empire Earth Demo\\Empire Earth.exe"=
"d:\\Empire Earth\\Empire Earth\\Empire Earth.exe"=
"d:\\Rose Online\\LoginServer.exe"=
"d:\\Rose Online\\CharServer.exe"=
"d:\\Rose Online\\WorldServer.exe"=
"d:\\Documenten en settings\\marco visser\\Mijn documenten\\Nieuwe map (2)\\pokemon online\\Pokemon Game.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"d:\\2moons!\\Fussion\\Fussion\\fussion\\FusionEX.exe"=
"c:\\rctycoon\\rct.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PvpScapepk
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"32976:TCP"= 32976:TCP:Hamachi

R2 Apache2.2;Apache2.2; [x]
R2 MySQL5;MySQL5; [x]
R2 MySQL501;MySQL501; [x]
R2 MySQL51;MySQL51; [x]
R3 gtermddo;gtermddo;d:\docume~1\MARCOV~1\LOCALS~1\Temp\gtermddo.sys [12-04-2006 03:32 31744]
R3 PavSRK.sys;PavSRK.sys; [x]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [22-06-2006 19:23 808448]
R3 ssj1;ssj1; [x]
R3 XDva158;XDva158; [x]
R3 XDva165;XDva165; [x]
R3 XDva201;XDva201; [x]
R4 itcppss;Indigo Tcp Port Sharing Service; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [12-02-2009 14:29 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [12-02-2009 14:29 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12-02-2009 14:29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12-02-2009 14:29 298264]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - CTDevice_Srv
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mcdbus
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQLSERVER
*Deregistered* - Mup
*Deregistered* - MySQL
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - NPPTNT2
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNMP
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMPNetworkSvc
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Inhoud van de 'Gedeelde Taken' map

2009-03-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [09-01-2008 04:08]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-RunOnce-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe


.
------- Bijkomende Scan -------
.
DPF: {6717DA9C-4C48-4D2E-8822-B3CC9094023E} - hxxp://www.xiones.com/gameexec/XionesWebStarter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
FF - ProfilePath - d:\docume~1\MARCOV~1\APPLIC~1\Mozilla\Firefox\Profiles\e25oo7ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\documenten en settings\marco visser\Application Data\Mozilla\Firefox\Profiles\e25oo7ju.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsaix.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documenten en settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 12:12:45
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\rose online\Mysql\bin\mysqld-nt\" --defaults-file=\"d:\rose online\Mysql\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL501]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL501"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL51"
.
Voltooingstijd: 09-03-2009 12:14:35
ComboFix-quarantined-files.txt  2009-03-09 11:13:47
ComboFix2.txt  2009-03-03 19:04:48
ComboFix3.txt  2008-12-21 15:12:08

Pre-Run: 14.982.746.112 bytes beschikbaar
Post-Run: 14.974.373.888 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

387    --- E O F ---    2009-02-25 21:52:00

And here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:50, on 9-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Rose Online\Mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6717DA9C-4C48-4D2E-8822-B3CC9094023E} (XionesWebStarter Control) - http://www.xiones.com/gameexec/XionesWebStarter.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Digital Identity Service (InfoCard Service) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\Rose.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7846 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

File::

d:\documenten en settings\All Users\Application Data\F6D

d:\documenten en settings\All Users\Application Data\160

d:\documenten en settings\All Users\Application Data\D290

d:\documenten en settings\All Users\Application Data\1A186

d:\documenten en settings\All Users\Application Data\298C

d:\documenten en settings\All Users\Application Data\142DE

d:\documenten en settings\All Users\Application Data\3A2DE

d:\documenten en settings\All Users\Application Data\36AB

d:\documenten en settings\All Users\Application Data\11FA

d:\documenten en settings\All Users\Application Data\331F4

d:\documenten en settings\All Users\Application Data\151C5

d:\documenten en settings\All Users\Application Data\2F

d:\documenten en settings\All Users\Application Data\E29F

c:\windows\system32\CmdLineExt03.dll

Driver::

gtermddo.sys

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

ALL O15 LINES

O16 - DPF: {6717DA9C-4C48-4D2E-8822-B3CC9094023E} (XionesWebStarter Control) - http://www.xiones.com/gameexec/XionesWebStarter.cab

Click 'Fix checked' to remove the items.

Finally, a small question: do you use anything from MySQL? Or not?


Okay, all done.

I have only used MySQL once, nothing more; I don't even use it.

Log from ComboFix:

ComboFix 09-03-06.02 - marco visser 10-03-2009 10:26:16.4 - NTFSx86
Gestart vanuit: d:\documenten en settings\marco visser\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documenten en settings\marco visser\Bureaublad\CFScript.txt

FILE ::
c:\windows\system32\CmdLineExt03.dll
d:\documenten en settings\All Users\Application Data\11FA
d:\documenten en settings\All Users\Application Data\142DE
d:\documenten en settings\All Users\Application Data\151C5
d:\documenten en settings\All Users\Application Data\160
d:\documenten en settings\All Users\Application Data\1A186
d:\documenten en settings\All Users\Application Data\298C
d:\documenten en settings\All Users\Application Data\2F
d:\documenten en settings\All Users\Application Data\331F4
d:\documenten en settings\All Users\Application Data\36AB
d:\documenten en settings\All Users\Application Data\3A2DE
d:\documenten en settings\All Users\Application Data\D290
d:\documenten en settings\All Users\Application Data\E29F
d:\documenten en settings\All Users\Application Data\F6D
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CmdLineExt03.dll
c:\windows\system32\system\

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-02-10 to 2009-03-10  ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:00    ---------    d-----w    c:\program files\Norton Security Scan
2009-03-08 12:37    ---------    d-----w    c:\program files\Warcraft III
2009-03-07 16:31    ---------    d-----w    c:\program files\BitTorrent
2009-03-06 11:24    ---------    d-----w    c:\program files\Xfire
2009-03-03 18:57    ---------    d-----w    c:\program files\Free Download Manager
2009-03-03 18:03    ---------    d-----w    c:\program files\Neffy
2009-02-26 22:42    ---------    d-----w    c:\program files\Programmer's Notepad
2009-02-26 18:46    42,320    ----a-w    c:\windows\system32\xfcodec.dll
2009-02-22 00:48    ---------    d-----w    c:\program files\Common Files\Delcam
2009-02-22 00:47    ---------    d-----w    c:\program files\Delcam
2009-02-22 00:05    ---------    d-----w    c:\program files\TeamViewer
2009-02-13 17:01    ---------    d-----w    c:\program files\Cheat Engine
2009-02-12 13:30    ---------    d-----w    d:\documenten en settings\All Users\Application Data\avg8
2009-02-12 13:29    325,128    ----a-w    c:\windows\system32\drivers\avgldx86.sys
2009-02-12 13:29    107,272    ----a-w    c:\windows\system32\drivers\avgtdix.sys
2009-02-12 13:29    10,520    ----a-w    c:\windows\system32\avgrsstx.dll
2009-02-04 21:47    ---------    d-----w    d:\documenten en settings\All Users\Application Data\F6D
2009-02-04 21:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\160
2009-02-03 18:30    34    ----a-w    d:\documenten en settings\marco visser\jagex_runescape_preferences.dat
2009-01-28 21:01    ---------    d-----w    d:\documenten en settings\All Users\Application Data\D290
2009-01-28 20:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\1A186
2009-01-22 21:52    ---------    d-----w    c:\program files\Sun
2009-01-22 21:50    ---------    d-----w    c:\program files\Java
2009-01-21 18:35    ---------    d-----w    d:\documenten en settings\All Users\Application Data\298C
2009-01-21 18:23    ---------    d-----w    d:\documenten en settings\All Users\Application Data\142DE
2009-01-21 18:21    ---------    d-----w    d:\documenten en settings\All Users\Application Data\3A2DE
2009-01-20 22:21    ---------    d-----w    c:\program files\Common Files\Common Share
2009-01-20 15:40    ---------    d-----w    c:\program files\Microsoft.NET
2009-01-18 21:24    ---------    d-----w    d:\documenten en settings\All Users\Application Data\36AB
2009-01-18 13:38    ---------    d-----w    d:\documenten en settings\All Users\Application Data\11FA
2009-01-18 10:51    ---------    d-----w    d:\documenten en settings\All Users\Application Data\331F4
2009-01-17 16:08    ---------    d-----w    d:\documenten en settings\All Users\Application Data\151C5
2009-01-17 15:53    ---------    d-----w    c:\program files\SystemRequirementsLab
2009-01-15 21:25    ---------    d-----w    d:\documenten en settings\All Users\Application Data\2F
2009-01-15 12:15    ---------    d-----w    d:\documenten en settings\All Users\Application Data\E29F
2009-01-12 17:45    ---------    d-----w    c:\program files\Common Files\PocketSoft
2009-01-12 17:42    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-12 17:42    ---------    d-----w    c:\program files\Atari
2009-01-11 11:08    ---------    d-----w    c:\program files\Maxis
2008-12-23 20:58    453,152    ----a-w    c:\windows\system32\NVUNINST.EXE
2008-12-21 17:42    410,984    ----a-w    c:\windows\system32\deploytk.dll
2008-12-20 23:03    826,368    ----a-w    c:\windows\system32\wininet.dll
2007-10-22 13:42    152    -c--a-w    d:\documenten en settings\marco visser\brdgInst.bat
2004-10-01 13:00    40,960    ----a-w    c:\program files\Uninstall_CDS.exe
2008-09-28 10:58    32,768    --sha-w    c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092820080929\index.dat
.

(((((((((((((((((((((((((((((   SnapShot@di 03-03-2009_20.03.22,82   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 18:04:42    170,084    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
+ 2009-03-06 11:26:31    378,060    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
- 2009-03-03 19:02:57    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-10 09:29:14    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-10 09:14:13    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_320.dat
+ 2009-03-10 09:13:40    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_754.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [26-12-2008 00:08 13680640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [09-07-2007 19:07 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [21-12-2008 18:42 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [02-03-2006 13:00 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [02-03-2006 13:00 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [12-02-2009 14:29 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [26-12-2008 00:08 86016]
"nwiz"="nwiz.exe" [26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [14-04-2008 18:02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
12-02-2009 14:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 16-12-2008 21:16 637232 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 19-01-2005 16:34 128000 c:\program files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 19-07-2007 07:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 19-01-2007 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 09-07-2001 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 26-12-2008 00:08 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 26-12-2008 00:08 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 02-11-2004 19:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 14-03-2007 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09-07-2007 19:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 02-11-2006 21:53 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 31-10-2005 20:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 02-03-2006 01:22 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 16-06-2006 03:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=
"c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"=
"d:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\java.exe"=
"c:\\Sierra\\Empire Earth Demo\\Empire Earth.exe"=
"d:\\Empire Earth\\Empire Earth\\Empire Earth.exe"=
"d:\\Rose Online\\LoginServer.exe"=
"d:\\Rose Online\\CharServer.exe"=
"d:\\Rose Online\\WorldServer.exe"=
"d:\\Documenten en settings\\marco visser\\Mijn documenten\\Nieuwe map (2)\\pokemon online\\Pokemon Game.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"d:\\2moons!\\Fussion\\Fussion\\fussion\\FusionEX.exe"=
"c:\\rctycoon\\rct.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PvpScapepk
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"32976:TCP"= 32976:TCP:Hamachi

R2 Apache2.2;Apache2.2; [x]
R2 MySQL5;MySQL5; [x]
R2 MySQL501;MySQL501; [x]
R2 MySQL51;MySQL51; [x]
R3 gtermddo;gtermddo;d:\docume~1\MARCOV~1\LOCALS~1\Temp\gtermddo.sys [12-04-2006 03:32 31744]
R3 PavSRK.sys;PavSRK.sys; [x]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [22-06-2006 19:23 808448]
R3 ssj1;ssj1; [x]
R3 XDva158;XDva158; [x]
R3 XDva165;XDva165; [x]
R3 XDva201;XDva201; [x]
R4 itcppss;Indigo Tcp Port Sharing Service; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [12-02-2009 14:29 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [12-02-2009 14:29 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12-02-2009 14:29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12-02-2009 14:29 298264]


--- Andere Services/Drivers In Geheugen ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - CTDevice_Srv
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mcdbus
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQLSERVER
*Deregistered* - Mup
*Deregistered* - MySQL
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - NPPTNT2
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNMP
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMPNetworkSvc
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Inhoud van de 'Gedeelde Taken' map

2009-03-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [09-01-2008 04:08]
.
.
------- Bijkomende Scan -------
.
DPF: {6717DA9C-4C48-4D2E-8822-B3CC9094023E} - hxxp://www.xiones.com/gameexec/XionesWebStarter.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
FF - ProfilePath - d:\docume~1\MARCOV~1\APPLIC~1\Mozilla\Firefox\Profiles\e25oo7ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\documenten en settings\marco visser\Application Data\Mozilla\Firefox\Profiles\e25oo7ju.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsaix.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documenten en settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 10:29:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\rose online\Mysql\bin\mysqld-nt\" --defaults-file=\"d:\rose online\Mysql\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL501]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL501"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL51"
.
Voltooingstijd: 10-03-2009 10:31:07
ComboFix-quarantined-files.txt  2009-03-10 09:30:17
ComboFix2.txt  2009-03-09 11:14:36
ComboFix3.txt  2009-03-03 19:04:48
ComboFix4.txt  2008-12-21 15:12:08

Pre-Run: 16.400.146.432 bytes beschikbaar
Post-Run: 16.426.868.736 bytes beschikbaar

381    --- E O F ---    2009-02-25 21:52:00

Should it be back to normal now? Or not yet?


Go to Start - Run and type: sc delete MySQL

Press Enter.

Go to Start - Run and type: sc delete MySQL5

Press Enter.

Go to Start - Run and type: sc delete MySQL501

Press Enter.

Go to Start - Run and type: sc delete MySQL51

Press Enter.

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL501]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

Post this log in your next reply, together with a new HijackThis log.

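The step above removes four orphaned MySQL services by name. As an added example (not code from this thread or from the tools used in it), the PowerShell below lists every service whose ImagePath executable cannot be found on disk, which is what the O23 "(file missing)" lines in the HijackThis log reflect; it only reports, so the list can be checked against the log before any sc delete. It assumes a Windows host with read access to HKLM\SYSTEM and, as a simplification, that a path without an extension (like "...\bin\mysqld-nt" in the registry dump) is tried with .exe appended.

```powershell
# Added example, not from this thread: report services whose ImagePath points
# to an executable that no longer exists. Read-only; it deletes nothing.

function Get-ServiceImageFile {
    param([string]$ImagePath)
    # Strip the kernel-style "\??\" prefix some drivers use.
    $p = $ImagePath -replace '^\\\?\?\\', ''
    # "\SystemRoot\..." and "%SystemRoot%\..." both mean the Windows directory.
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p.StartsWith('"')) {
        # Quoted form, as in the thread's registry dump:
        # "c:\program files\MySQL\...\mysqld-nt" --defaults-file="..." MySQL5
        $end = $p.IndexOf('"', 1)
        if ($end -gt 0) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted form: take the text up to the first space. An unquoted path that
    # itself contains spaces will therefore be reported, which is intended:
    # it deserves a look anyway.
    $first = $p.Split(' ')[0]
    # Driver paths are often relative to the Windows directory
    # (e.g. system32\DRIVERS\S3gIGPm.sys in the ComboFix output).
    if ($first -notmatch '^[A-Za-z]:\\') {
        $first = Join-Path $env:SystemRoot $first
    }
    return $first
}

function Test-ServiceBinary {
    param([string]$File)
    if (Test-Path -LiteralPath $File -PathType Leaf) { return $true }
    # Assumption for this example: a path without an extension is tried with
    # .exe appended, as with "...\bin\mysqld-nt" in the registry dump.
    if ([IO.Path]::GetExtension($File) -eq '' -and
        (Test-Path -LiteralPath "$File.exe" -PathType Leaf)) { return $true }
    return $false
}

function Get-OrphanedService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root) {
        $props = Get-ItemProperty -Path $key.PSPath
        if (-not $props.ImagePath) { continue }
        $file = Get-ServiceImageFile $props.ImagePath
        if (-not (Test-ServiceBinary $file)) {
            [pscustomobject]@{
                Service   = $key.PSChildName
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

# Compare this list with the O23 "(file missing)" lines in the HijackThis log;
# removal is then the "sc delete <name>" step above, one service at a time.
Get-OrphanedService | Format-Table -AutoSize
```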

ComboFix log:

ComboFix 09-03-06.02 - marco visser 10-03-2009 11:29:29.5 - NTFSx86
Gestart vanuit: d:\documenten en settings\marco visser\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documenten en settings\marco visser\Bureaublad\CFScript.txt
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system\

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-02-10 to 2009-03-10  ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:00    ---------    d-----w    c:\program files\Norton Security Scan
2009-03-08 12:37    ---------    d-----w    c:\program files\Warcraft III
2009-03-07 16:31    ---------    d-----w    c:\program files\BitTorrent
2009-03-06 11:24    ---------    d-----w    c:\program files\Xfire
2009-03-03 18:57    ---------    d-----w    c:\program files\Free Download Manager
2009-03-03 18:03    ---------    d-----w    c:\program files\Neffy
2009-02-26 22:42    ---------    d-----w    c:\program files\Programmer's Notepad
2009-02-26 18:46    42,320    ----a-w    c:\windows\system32\xfcodec.dll
2009-02-22 00:48    ---------    d-----w    c:\program files\Common Files\Delcam
2009-02-22 00:47    ---------    d-----w    c:\program files\Delcam
2009-02-22 00:05    ---------    d-----w    c:\program files\TeamViewer
2009-02-13 17:01    ---------    d-----w    c:\program files\Cheat Engine
2009-02-12 13:30    ---------    d-----w    d:\documenten en settings\All Users\Application Data\avg8
2009-02-12 13:29    325,128    ----a-w    c:\windows\system32\drivers\avgldx86.sys
2009-02-12 13:29    107,272    ----a-w    c:\windows\system32\drivers\avgtdix.sys
2009-02-12 13:29    10,520    ----a-w    c:\windows\system32\avgrsstx.dll
2009-02-04 21:47    ---------    d-----w    d:\documenten en settings\All Users\Application Data\F6D
2009-02-04 21:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\160
2009-02-03 18:30    34    ----a-w    d:\documenten en settings\marco visser\jagex_runescape_preferences.dat
2009-01-28 21:01    ---------    d-----w    d:\documenten en settings\All Users\Application Data\D290
2009-01-28 20:46    ---------    d-----w    d:\documenten en settings\All Users\Application Data\1A186
2009-01-22 21:52    ---------    d-----w    c:\program files\Sun
2009-01-22 21:50    ---------    d-----w    c:\program files\Java
2009-01-21 18:35    ---------    d-----w    d:\documenten en settings\All Users\Application Data\298C
2009-01-21 18:23    ---------    d-----w    d:\documenten en settings\All Users\Application Data\142DE
2009-01-21 18:21    ---------    d-----w    d:\documenten en settings\All Users\Application Data\3A2DE
2009-01-20 22:21    ---------    d-----w    c:\program files\Common Files\Common Share
2009-01-20 15:40    ---------    d-----w    c:\program files\Microsoft.NET
2009-01-18 21:24    ---------    d-----w    d:\documenten en settings\All Users\Application Data\36AB
2009-01-18 13:38    ---------    d-----w    d:\documenten en settings\All Users\Application Data\11FA
2009-01-18 10:51    ---------    d-----w    d:\documenten en settings\All Users\Application Data\331F4
2009-01-17 16:08    ---------    d-----w    d:\documenten en settings\All Users\Application Data\151C5
2009-01-17 15:53    ---------    d-----w    c:\program files\SystemRequirementsLab
2009-01-15 21:25    ---------    d-----w    d:\documenten en settings\All Users\Application Data\2F
2009-01-15 12:15    ---------    d-----w    d:\documenten en settings\All Users\Application Data\E29F
2009-01-12 17:45    ---------    d-----w    c:\program files\Common Files\PocketSoft
2009-01-12 17:42    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-01-12 17:42    ---------    d-----w    c:\program files\Atari
2009-01-11 11:08    ---------    d-----w    c:\program files\Maxis
2008-12-23 20:58    453,152    ----a-w    c:\windows\system32\NVUNINST.EXE
2008-12-21 17:42    410,984    ----a-w    c:\windows\system32\deploytk.dll
2008-12-20 23:03    826,368    ----a-w    c:\windows\system32\wininet.dll
2007-10-22 13:42    152    -c--a-w    d:\documenten en settings\marco visser\brdgInst.bat
2004-10-01 13:00    40,960    ----a-w    c:\program files\Uninstall_CDS.exe
2008-09-28 10:58    32,768    --sha-w    c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092820080929\index.dat
.

(((((((((((((((((((((((((((((   SnapShot@di 03-03-2009_20.03.22,82   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 18:04:42    170,084    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
+ 2009-03-06 11:26:31    378,060    -c--a-w    c:\windows\system32\Restore\rstrlog.dat
- 2009-03-03 19:02:57    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-10 10:32:23    53,248    ----a-w    c:\windows\Temp\catchme.dll
+ 2009-03-10 09:38:47    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2009-03-10 09:38:15    16,384    ----atw    c:\windows\Temp\Perflib_Perfdata_730.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [26-12-2008 00:08 13680640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [09-07-2007 19:07 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [21-12-2008 18:42 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [02-03-2006 13:00 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [02-03-2006 13:00 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [02-03-2006 13:00 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [12-02-2009 14:29 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [26-12-2008 00:08 86016]
"nwiz"="nwiz.exe" [26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [14-04-2008 18:02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
12-02-2009 14:29 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documenten en settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
path=d:\documenten en settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 16-12-2008 21:16 637232 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 19-01-2005 16:34 128000 c:\program files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 19-07-2007 07:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 19-01-2007 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 09-07-2001 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 26-12-2008 00:08 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 26-12-2008 00:08 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 02-11-2004 19:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 14-03-2007 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09-07-2007 19:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 02-11-2006 21:53 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 26-12-2008 00:08 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 31-10-2005 20:15 163840 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 02-03-2006 01:22 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 16-06-2006 03:33 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=
"c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"=
"d:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\java.exe"=
"c:\\Sierra\\Empire Earth Demo\\Empire Earth.exe"=
"d:\\Empire Earth\\Empire Earth\\Empire Earth.exe"=
"d:\\Rose Online\\LoginServer.exe"=
"d:\\Rose Online\\CharServer.exe"=
"d:\\Rose Online\\WorldServer.exe"=
"d:\\Documenten en settings\\marco visser\\Mijn documenten\\Nieuwe map (2)\\pokemon online\\Pokemon Game.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"d:\\2moons!\\Fussion\\Fussion\\fussion\\FusionEX.exe"=
"c:\\rctycoon\\rct.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PvpScapepk
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"32976:TCP"= 32976:TCP:Hamachi

R2 Apache2.2;Apache2.2; [x]
R3 gtermddo;gtermddo;d:\docume~1\MARCOV~1\LOCALS~1\Temp\gtermddo.sys [12-04-2006 03:32 31744]
R3 PavSRK.sys;PavSRK.sys; [x]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [22-06-2006 19:23 808448]
R3 ssj1;ssj1; [x]
R3 XDva158;XDva158; [x]
R3 XDva165;XDva165; [x]
R3 XDva201;XDva201; [x]
R4 itcppss;Indigo Tcp Port Sharing Service; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [12-02-2009 14:29 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [12-02-2009 14:29 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12-02-2009 14:29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12-02-2009 14:29 298264]


--- Other Services/Drivers In Memory ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - CTDevice_Srv
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mcdbus
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQLSERVER
*Deregistered* - Mup
*Deregistered* - MySQL
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - NPPTNT2
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNMP
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMPNetworkSvc
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [09-01-2008 04:08]
.
.
------- Supplementary Scan -------
.
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.gamengame.com/KALogoutComponent.cab
FF - ProfilePath - d:\docume~1\MARCOV~1\APPLIC~1\Mozilla\Firefox\Profiles\e25oo7ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\documenten en settings\marco visser\Application Data\Mozilla\Firefox\Profiles\e25oo7ju.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsaix.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documenten en settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 11:32:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"d:\rose online\Mysql\bin\mysqld-nt\" --defaults-file=\"d:\rose online\Mysql\my.ini\" MySQL"
.
Completion time: 10-03-2009 11:34:12
ComboFix-quarantined-files.txt  2009-03-10 10:33:23
ComboFix2.txt  2009-03-10 09:31:08
ComboFix3.txt  2009-03-09 11:14:36
ComboFix4.txt  2009-03-03 19:04:48
ComboFix5.txt  2009-03-10 10:29:01

Pre-Run: 16.428.732.416 bytes free
Post-Run: 16.423.698.432 bytes free

356    --- E O F ---    2009-02-25 21:52:00

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:10, on 10-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Digital Identity Service (InfoCard Service) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7349 bytes
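The ComboFix log above lists every firewall exception, every globally open port and every service or driver image path on the machine, but it does not say which of them deserve a second look. The Python below is an added example (it is not part of ComboFix, HijackThis or this thread) that parses those three sections and applies the heuristics a responder would otherwise apply by eye: programs allowed through the firewall from user-writable locations or with a non-.exe extension, ports opened to every peer (3389/TCP is Remote Desktop), and services or drivers whose image file is missing or sits in a Temp directory. The sample log text embedded in the block is constructed from lines copied from the log above; the directory markers (including the Dutch "Documenten en settings" profile folder seen on this machine) and the choice of Program Files and Windows as the only trusted roots are this example's own assumptions, and a hit is a review item, not a verdict.

```python
"""Triage the firewall and service/driver sections of a ComboFix log.

Added example for this thread; it is not part of ComboFix or HijackThis.
"""
import re

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Documenten en settings\\marco visser\\Mijn documenten\\Nieuwe map (2)\\pokemon online\\Pokemon Game.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\rctycoon\\rct.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PvpScapepk
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"32976:TCP"= 32976:TCP:Hamachi

R2 Apache2.2;Apache2.2; [x]
R3 gtermddo;gtermddo;d:\docume~1\MARCOV~1\LOCALS~1\Temp\gtermddo.sys [12-04-2006 03:32 31744]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [22-06-2006 19:23 808448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [12-02-2009 14:29 325128]
'''

APP_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<body>[^;]+;[^;]*;.*)$')

# Assumptions of this example: these path fragments mark user-writable
# directories (the Dutch XP profile folder name is included for this log),
# and only Program Files / Windows count as trusted roots.
USER_WRITABLE = ('\\documents and settings\\', '\\documenten en settings\\',
                 '\\docume~1\\', '\\users\\', '\\temp\\')
SYSTEM_ROOT = re.compile(r'^(?:%windir%|[a-z]:\\(?:program files|windows))\\')
WELL_KNOWN_PORTS = {(3389, 'TCP'): 'Remote Desktop (RDP)'}


def unescape(path):
    """The registry export doubles backslashes; undo that."""
    return path.replace('\\\\', '\\')


def app_finding(path):
    """Reason to review a firewall-authorized program, or None if unremarkable."""
    p = path.lower()
    if not p.endswith('.exe'):
        return 'non-.exe file allowed through the firewall'
    if any(marker in p for marker in USER_WRITABLE):
        return 'executable in a user-writable location'
    if not SYSTEM_ROOT.match(p):
        return 'executable outside Program Files/Windows'
    return None


def parse_ports(lines):
    """GloballyOpenPorts entries; ComboFix only prints the scope/state for disabled ones."""
    ports = []
    for line in lines:
        m = PORT_RE.match(line)
        if not m:
            continue
        rest = m.group('rest')
        state = re.match(r'^[^:]*:(Enabled|Disabled):(.*)$', rest)
        key = (int(m.group('port')), m.group('proto'))
        ports.append({'port': key[0], 'proto': key[1],
                      'name': state.group(2) if state else rest,
                      'enabled': state.group(1) == 'Enabled' if state else True,
                      'service': WELL_KNOWN_PORTS.get(key)})
    return ports


def parse_services(lines):
    """Service/driver lines: 'R3 name;display;path [stamp]' or '... ; [x]' when the file is gone."""
    svcs = []
    for line in lines:
        m = SVC_RE.match(line)
        if not m:
            continue
        name, _display, tail = m.group('body').split(';', 2)
        tail = tail.strip()
        missing = tail == '[x]'
        path = None if missing else tail.split(' [', 1)[0].strip()
        svcs.append({'start': m.group('start'), 'name': name, 'path': path, 'missing': missing})
    return svcs


def triage(log_text):
    """Return review items per section: apps, open_ports (enabled only) and services."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    apps = []
    for line in lines:
        m = APP_RE.match(line)
        if m:
            path = unescape(m.group('path'))
            reason = app_finding(path)
            if reason:
                apps.append((path, reason))
    services = []
    for svc in parse_services(lines):
        if svc['missing']:
            services.append((svc['name'], 'service registered but image file missing'))
        elif any(marker in svc['path'].lower() for marker in USER_WRITABLE):
            services.append((svc['name'], 'driver image in a temporary/user-writable directory'))
    open_ports = [p for p in parse_ports(lines) if p['enabled']]
    return {'apps': apps, 'open_ports': open_ports, 'services': services}


if __name__ == '__main__':
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print('  ', item)
```

Run it against a full ComboFix log by reading the file into `triage()`; the firewall heuristics deliberately err on the side of listing too much (a game installed on D: is listed as "outside Program Files"), because the point is to shrink a 60-entry exception list down to what a human should actually read.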


Now just fix these items with HijackThis:

Start HijackThis. If you are a Vista user, choose “Run as administrator”. Select “Do a system scan only”. Check only the items listed below:

R3 - Default URLSearchHook is missing

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Click 'Fix checked' to remove the items, and paste a new HJT log in your next post.
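The O15 lines being fixed here matter because Internet Explorer's ProtocolDefaults values decide which security zone a URL scheme falls into: with http, https, ftp and file all mapped to the My Computer zone (zone 0), remote content is handled with the most permissive zone settings, which is why HijackThis flags any change from the stock mapping. The Python below is an added example, not HijackThis's own code, that parses those O15 lines, compares a set of current values against the defaults HijackThis checks for (@ivt in the Intranet zone, file/ftp/http/https in the Internet zone) and renders a REGEDIT4 file that restores them. The sample O15 lines are copied from the log above; the zone numbering is the standard IE one, and the assumption that only the HKEY_CURRENT_USER copy of the key needs repair is the example's own.

```python
"""Check and repair Internet Explorer ProtocolDefaults zone mappings (HijackThis O15).

Added example for this thread; it is not HijackThis's own code.
"""
import re

# Internet Explorer URL security zone identifiers.
ZONES = {'My Computer': 0, 'Intranet': 1, 'Trusted': 2, 'Internet': 3, 'Restricted': 4}
# Values a stock installation has; HijackThis's O15 check compares against these.
EXPECTED = {'@ivt': 1, 'file': 3, 'ftp': 3, 'http': 3, 'https': 3}
# Assumption of this example: only the per-user copy of the key needs repair.
KEY = (r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion'
       r'\Internet Settings\ZoneMap\ProtocolDefaults')

O15_RE = re.compile(r"^O15 - ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
                    r"(?P<cur>.+?) Zone, should be (?P<exp>.+?) Zone$")

# Constructed sample: the R3/O15 lines from the HijackThis log above.
SAMPLE_HJT = """\
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
"""


def parse_o15(text):
    """Return (protocol, current_zone_id, expected_zone_id) for every O15 line."""
    found = []
    for line in text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            found.append((m.group('proto'), ZONES[m.group('cur')], ZONES[m.group('exp')]))
    return found


def deviations(current):
    """current maps protocol -> zone id as read from the registry (missing -> None).

    Returns {protocol: (current, expected)} for every value that differs from the
    stock defaults; this is the same comparison HijackThis makes for O15.
    """
    return {p: (current.get(p), z) for p, z in EXPECTED.items() if current.get(p) != z}


def reg_fix(findings):
    """Render a REGEDIT4 file that puts each protocol back in its expected zone."""
    out = ['REGEDIT4', '', f'[{KEY}]']
    for proto, _current, expected in findings:
        out.append(f'"{proto}"=dword:{expected:08x}')
    return '\n'.join(out) + '\n'


def fix_from_hjt(text):
    """End to end: HijackThis log text in, .reg file text out."""
    return reg_fix(parse_o15(text))


if __name__ == '__main__':
    print(fix_from_hjt(SAMPLE_HJT))
```

Save the output as a .reg file and import it with regedit (or let HijackThis fix the checked O15 lines, which writes the same values); then rescan and confirm the O15 lines are gone. Using `deviations()` on values read back from the registry afterwards is a cheap way to verify the fix held.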
