Groen en dubbel lijnen onder woord.

[marleen2]

ComboFix 11-09-19.05 - Patrick 20/09/2011 14:56:49.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1431 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Documenten\Server\admin.txt

c:\documents and settings\All Users\Documenten\Server\server.dat

c:\documents and settings\Patrick\Application Data\PriceGong

c:\documents and settings\Patrick\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Patrick\Mijn documenten\~WRL0371.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1290.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1787.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1841.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2074.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2075.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2499.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2695.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2853.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3231.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3636.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3747.tmp

c:\documents and settings\Patrick\WINDOWS

c:\program files\Microsoft Office\Office11\OSA.exe

C:\Thumbs.db

c:\windows\IsUn0413.exe

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\16827.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\23281.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\28145.exe

c:\windows\system32\29358.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\system32\647349613

c:\windows\system32\9961.exe

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-20 to 2011-09-20 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)

WebBrowser-{65CA59EE-9920-4D7F-8C41-BFA12403261A} - (no file)

SafeBoot-MsMpSvc

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-Easy-WebPrint - c:\windows\IsUn0413.exe

AddRemove-XGI V3 Display Driver Setup - c:\program files\XGI Technology

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-20 15:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2011-09-20 15:04:14

ComboFix-quarantined-files.txt 2011-09-20 13:04

.

Pre-Run: 16.971.087.872 bytes beschikbaar

Post-Run: 18.128.592.896 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 482A7458B0A575F22AD0217AC2841EE6

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Hoe staat het inmiddels met groen en dubbele lijntjes ?

[marleen2]

ComboFix 11-09-19.05 - Patrick 20/09/2011 15:51:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1326 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-20 to 2011-09-20 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-20 15:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2912)

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2011-09-20 15:54:50

ComboFix-quarantined-files.txt 2011-09-20 13:54

ComboFix2.txt 2011-09-20 13:38

.

Pre-Run: 18.123.214.848 bytes beschikbaar

Post-Run: 18.112.339.968 bytes beschikbaar

.

- - End Of File - - 2632282D8030F0A6F6DBAB2703C08613

---------- Post toegevoegd om 14:02 ---------- Vorige post was om 13:57 ----------

De groene woorden en dubbele lijntjes zijn er nog steeds.

[kweezie wabbit]

De fix werd niet uitgevoerd omdat je het scriptje fout hebt opgeslagen.

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

Verwijder de ..txt op het einde zodat enkel CFScript.txt overblijft en doe dan de fix procedure opnieuw.

[marleen2]

Dat word me wel allemaal ingewikkeld, ik ben maar een leek:hmpf:

ComboFix 11-09-21.02 - Patrick 21/09/2011 17:49:04.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1380 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-21 to 2011-09-21 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-09-20_13.02.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-21 07:34 . 2011-09-21 07:34 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-21 17:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3244)

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2011-09-21 17:55:33

ComboFix-quarantined-files.txt 2011-09-21 15:55

ComboFix2.txt 2011-09-20 13:54

ComboFix3.txt 2011-09-20 13:38

.

Pre-Run: 17.958.711.296 bytes beschikbaar

Post-Run: 17.950.019.584 bytes beschikbaar

.

- - End Of File - - 7F311C96EF7A98343712C5B77A2095E5

[Asus]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Het opslaan van CFScrift.txt is niet gelukt...bij jou noemt dit nu CFScript.txt..txt.

Ga naar je bureaublad en klik met recht op het script en kies dan voor naam wijzigen : wijzig de naam naar CFScrift.txt

Nadien sleep je CFScript.txt in ComboFix.exe en volg je de aanwijzingen uit post 12 en post 14.

[marleen2]

ComboFix 11-09-21.03 - Patrick 21/09/2011 19:25:38.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1317 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-21 to 2011-09-21 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-09-20_13.02.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-21 07:34 . 2011-09-21 07:34 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-21 19:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1376)

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2011-09-21 19:31:26

ComboFix-quarantined-files.txt 2011-09-21 17:31

ComboFix2.txt 2011-09-21 15:55

ComboFix3.txt 2011-09-20 13:54

ComboFix4.txt 2011-09-20 13:38

.

Pre-Run: 18.067.853.312 bytes beschikbaar

Post-Run: 18.060.775.424 bytes beschikbaar

.

- - End Of File - - C5F93AB29389CB3EDB6F0BB18534333D

[kweezie wabbit]

De naam van het bestandje is nog steeds fout maar de foute lijn is nu wel verdwenen.

Is hiermee ook het probleem verdwenen?

Indien niet, post dan eens een link naar een website waar je dit fenomeen hebt. Dan klunnen we zelf zien wordt het misschien iets duidelijker wat juist het probleem is.

[marleen2]

Het is nog niet opgelost

Als ik bv gewoon naar de site van 2dehands.be ga dan staan daar woorden onderlijnd en in het groen. Hier eeb vb als ik op de groen woorden druk kom ik nu terecht opeen site waar ik een ipad 2 kan winnen

Caravan-winterhoes voor buitenstalling - Te koop | 2dehands.be

---------- Post toegevoegd om 09:16 ---------- Vorige post was om 09:13 ----------

Bij mij staan de woorden er dus zo in Compleet zelfs met winterfadekhoes apart voor het neuswiel.

[kape]

Heb even met verschillende browsers deze links getest en nergens verschijnen er groene of onderlijnde woorden. Heb je dat met je beide browsers (Firefox en Internet Explorer) ?