Groen en dubbel lijnen onder woord.

[kape]

Download dan opnieuw Combofix en maak er een nieuw logje mee.

[marleen2]

Hier het gevraagde logje

ComboFix 11-10-01.03 - Patrick 02/10/2011 9:16.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1446 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Bureaublad\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\google\common\google updater\googleupdaterservice.exe

c:\windows\system32\Process.exe

c:\windows\system32\restart.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-02 to 2011-10-02 ))))))))))))))))))))))))))))))

.

.

2011-10-01 13:53 . 2011-10-01 13:55 4096 ----a-w- c:\windows\system32\reboot.exe

2011-10-01 13:53 . 2011-10-01 13:53 -------- d-----w- c:\windows\system32\regdacl

2011-09-27 19:58 . 2011-10-01 15:08 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend

2011-09-27 18:16 . 2011-09-28 17:53 -------- d-----w- c:\documents and settings\Patrick\Application Data\Systweak

2011-09-27 18:16 . 2011-07-22 10:16 17280 ----a-w- c:\windows\system32\roboot.exe

2011-09-27 17:13 . 2011-10-01 14:04 -------- d-----w- c:\program files\Unlocker

2011-09-27 17:12 . 2011-09-29 05:39 -------- d-----w- c:\documents and settings\Patrick\Application Data\QuickStoresToolbar

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-02 09:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2011-10-02 09:22:41

ComboFix-quarantined-files.txt 2011-10-02 07:22

.

Pre-Run: 18.559.082.496 bytes beschikbaar

Post-Run: 18.686.488.576 bytes beschikbaar

.

- - End Of File - - 2AC6A150218B4A95CA160126311E419C

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\drivers\ctredr15.sys

Folder::

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar

DDS::

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

Driver::

ctredr15.sys

Firefox::

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[marleen2]

Hier het nieuwe logje

ComboFix 11-10-02.01 - Patrick 02/10/2011 20:35:05.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1393 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\drivers\ctredr15.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\affid.ini

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\data.ini

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\Interop.SHDocVw.dll

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\persist.ini

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\QuickStores.ico

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\QuickStoresToolbar.dll

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\unins000.dat

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\unins000.exe

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\unins000.msg

c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\Update.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_CTREDR15.SYS

-------\Service_ctredr15.sys

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-02 to 2011-10-02 ))))))))))))))))))))))))))))))

.

.

2011-10-01 13:53 . 2011-10-01 13:55 4096 ----a-w- c:\windows\system32\reboot.exe

2011-10-01 13:53 . 2011-10-01 13:53 -------- d-----w- c:\windows\system32\regdacl

2011-09-27 19:58 . 2011-10-02 18:29 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend

2011-09-27 18:16 . 2011-09-28 17:53 -------- d-----w- c:\documents and settings\Patrick\Application Data\Systweak

2011-09-27 18:16 . 2011-07-22 10:16 17280 ----a-w- c:\windows\system32\roboot.exe

2011-09-27 17:13 . 2011-10-01 14:04 -------- d-----w- c:\program files\Unlocker

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-10-02_07.21.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-02 18:41 . 2011-10-02 18:41 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-QuickStores-Toolbar_is1 - c:\documents and settings\Patrick\Application Data\QuickStoresToolbar\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-02 20:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3424)

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2011-10-02 20:44:56 - machine werd herstart

ComboFix-quarantined-files.txt 2011-10-02 18:44

ComboFix2.txt 2011-10-02 07:22

.

Pre-Run: 18.546.761.728 bytes beschikbaar

Post-Run: 18.447.896.576 bytes beschikbaar

.

- - End Of File - - C33D865245C0F13009E4C8035CFF0E68

[kape]

Dit ziet er netjes uit. Is hiermee alles van de baan ?

[marleen2]

Neen,nu staat Qoobox er terug? hoe kan dat?

[kape]

Neen,nu staat Qoobox er terug? hoe kan dat?

Combofix gebruikt, dan is ook Qoobox er weer. Maar dan gaan we weer een stapje terug in het verleden :

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

[marleen2]

Avenger staat er ook nog op in c schijf en daar zit een mapje in Qoobox

[kape]

Qoobox in The Avenger ??? Of lees ik dat verkeerd ? Kan je deze The Avenger niet verwijderen door rechtsklikken en kiezen voor "verwijderen". Dat moet normaal probleemloos lukken. Probeer het anders in "veilige modus".

[marleen2]

Krijg het niet verwijderd ook niet in veilige modus

[ATTACH]13740[/ATTACH]

Doc7.doc