
Green and double lines under words.



ComboFix 11-09-19.05 - Patrick 20/09/2011 14:56:49.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1431 [GMT 2:00]

Running from: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Documenten\Server\admin.txt

c:\documents and settings\All Users\Documenten\Server\server.dat

c:\documents and settings\Patrick\Application Data\PriceGong

c:\documents and settings\Patrick\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Patrick\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Patrick\Mijn documenten\~WRL0371.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1290.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1787.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL1841.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2074.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2075.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2499.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2695.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL2853.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3231.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3636.tmp

c:\documents and settings\Patrick\Mijn documenten\~WRL3747.tmp

c:\documents and settings\Patrick\WINDOWS

c:\program files\Microsoft Office\Office11\OSA.exe

C:\Thumbs.db

c:\windows\IsUn0413.exe

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\16827.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\23281.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\28145.exe

c:\windows\system32\29358.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\system32\647349613

c:\windows\system32\9961.exe

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)

WebBrowser-{65CA59EE-9920-4D7F-8C41-BFA12403261A} - (no file)

SafeBoot-MsMpSvc

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-Easy-WebPrint - c:\windows\IsUn0413.exe

AddRemove-XGI V3 Display Driver Setup - c:\program files\XGI Technology

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-20 15:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2011-09-20 15:04:14

ComboFix-quarantined-files.txt 2011-09-20 13:04

.

Pre-Run: 16.971.087.872 bytes free

Post-Run: 18.128.592.896 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 482A7458B0A575F22AD0217AC2841EE6

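As an added example (not part of Patrick's post, and not a ComboFix feature), the three checks a responder makes by eye on the log above, automated in Python: executables removed from system32 whose name is nothing but digits (the 11478.exe, 15724.exe, ... pattern of a dropper writing randomly numbered payloads), Find3M entries carrying both the system and hidden attributes (unrar.exe with --sh--w-), and Sigcheck entries flagged [-] whose MD5 also appears on a copy under SoftwareDistribution\Download, which says the system32 copy arrived through Windows Update rather than being swapped in. The embedded sample is an excerpt of the log above; the section-name matching accepts both the English and the original Dutch ComboFix headers. A hash match with an update copy explains the [-], it does not by itself clear the file; the other two checks only point at what to look at next.

```python
"""Triage helpers for a ComboFix.txt log (added example, not from the thread)."""
import re
from collections import defaultdict

# Excerpt of the first ComboFix log posted in the thread (verbatim lines).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Patrick\Application Data\PriceGong\Data\a.xml
c:\program files\Microsoft Office\Office11\OSA.exe
c:\windows\IsUn0413.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\647349613
c:\windows\system32\Thumbs.db
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe
------- Sigcheck -------
[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll
[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll
"""

# ComboFix section banners: "((((( Title )))))" or "------- Title -------".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$|^-+\s*(.*?)\s*-+$")
# A system32 entry whose file name is only digits, with or without .exe.
NUMERIC_EXE = re.compile(r"\\windows\\system32\\(\d+)(\.exe)?$", re.IGNORECASE)
# Find3M row: "... <size> <8-char attributes> <path>".
FIND3M_RE = re.compile(r"(?P<attrs>[-a-z]{8})\s+(?P<path>[a-z]:\\.+)$", re.IGNORECASE)
# Sigcheck row: "[flag] date time . MD5 . size . . [version] . . path".
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\S+\s+\.\s+(?P<md5>[0-9A-F]{32})\s+\.\s+(?P<size>\d+)"
    r".*?\s(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)


def split_sections(text):
    """Group log lines under their section banner; blanks and '.' separators are dropped."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            continue
        if current:
            sections[current].append(line)
    return sections


def suspicious_deletions(sections):
    """Deleted system32 files whose name is purely numeric (English or Dutch banner)."""
    hits = []
    for name, lines in sections.items():
        if "Deletions" in name or "Verwijderingen" in name:
            hits += [p for p in lines if NUMERIC_EXE.search(p)]
    return hits


def hidden_system_files(sections):
    """Find3M entries with both the s(ystem) and h(idden) attribute set."""
    hits = []
    for name, lines in sections.items():
        if "Find3M" in name:
            for line in lines:
                m = FIND3M_RE.search(line)
                if m and "s" in m["attrs"] and "h" in m["attrs"]:
                    hits.append(m["path"])
    return hits


def unsigned_with_update_copy(sections):
    """Map each [-] file outside SoftwareDistribution to (MD5, update copies with the same MD5)."""
    by_md5 = defaultdict(list)
    for name, lines in sections.items():
        if "Sigcheck" in name:
            for line in lines:
                m = SIGCHECK_RE.match(line)
                if m:
                    by_md5[m["md5"].upper()].append((m["flag"], m["path"]))
    result = {}
    for md5, entries in by_md5.items():
        live = [p for f, p in entries if f == "-" and "softwaredistribution" not in p.lower()]
        update = [p for f, p in entries if "softwaredistribution" in p.lower()]
        for p in live:
            result[p] = (md5, update)
    return result


if __name__ == "__main__":
    s = split_sections(SAMPLE_LOG)
    print("numeric system32 drops:", suspicious_deletions(s))
    print("hidden+system files:", hidden_system_files(s))
    for path, (md5, copies) in unsigned_with_update_copy(s).items():
        print(f"{path} flagged [-], MD5 {md5}, same hash as update copy: {copies}")
```

Run it against a full ComboFix.txt by replacing SAMPLE_LOG with the file's contents; a [-] entry with an empty update-copy list is the one that deserves a hash lookup.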

Open a Notepad file.

Copy and paste the text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

How are things now with the green and double lines?

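The Firefox:: block above has ComboFix delete browser.search.defaulturl from the named profile. As an added example, not part of the helper's post and not ComboFix's own code, the same check done directly against prefs.js in Python: parse the user_pref lines, report the search and home-page preferences that point at a host outside an allow-list, and return prefs.js without those lines so Firefox falls back to its defaults, which is what the ComboFix directive achieves. ALLOWED_HOSTS and the sample prefs.js (constructed from the values in the posted log) are assumptions for the example. Firefox must be closed while prefs.js is edited; it rewrites the file on exit and would undo the change.

```python
"""Find and clear hijacked Firefox search/home-page prefs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed prefs.js using the values ComboFix reported for this profile.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "http://downloads.phpnuke.org/nl/index.php?rvs=hompag");
user_pref("browser.startup.homepage", "http://www.google.be");
user_pref("keyword.URL", "chrome://browser-region/locale/region.properties");
user_pref("browser.shell.checkDefaultBrowser", false);
"""

# Only string-valued prefs: user_pref("name", "value");
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*"(?P<value>(?:[^"\\]|\\.)*)"\);\s*$')

# Preferences a search or home-page hijack typically sets.
WATCHED_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Assumption for this example: the hosts the user actually wants (google.be is
# the home page in the log). Any other http(s) host on a watched pref is reported.
ALLOWED_HOSTS = {"www.google.be", "www.google.com"}


def parse_prefs(text):
    """Return {pref name: string value} for every string user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m["name"]] = m["value"]
    return prefs


def hijacked_prefs(prefs):
    """Watched prefs whose value is an http(s) URL on a host outside ALLOWED_HOSTS."""
    bad = {}
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        # Values copied from a forum log are defanged as hxxp; undo that before parsing.
        parsed = urlparse(re.sub(r"^hxxp", "http", value))
        if parsed.scheme in ("http", "https") and parsed.hostname not in ALLOWED_HOSTS:
            bad[name] = value
    return bad


def clean_prefs_js(text, names_to_drop):
    """prefs.js text with the named user_pref lines removed; everything else is kept verbatim."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m["name"] in names_to_drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = hijacked_prefs(parse_prefs(SAMPLE_PREFS_JS))
    for name, value in found.items():
        print(f"hijacked: {name} = {value}")
    print(clean_prefs_js(SAMPLE_PREFS_JS, set(found)))
```

Deleting the pref rather than overwriting it is deliberate: Firefox then recreates the default, and a leftover value from the adware's own search provider cannot survive in a user-set entry.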

ComboFix 11-09-19.05 - Patrick 20/09/2011 15:51:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1326 [GMT 2:00]

Running from: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-20 15:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Dlls Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2912)

c:\windows\system32\webcheck.dll

.

Completion time: 2011-09-20 15:54:50

ComboFix-quarantined-files.txt 2011-09-20 13:54

ComboFix2.txt 2011-09-20 13:38

.

Pre-Run: 18.123.214.848 bytes free

Post-Run: 18.112.339.968 bytes free

.

- - End Of File - - 2632282D8030F0A6F6DBAB2703C08613

---------- Post added at 14:02 ---------- Previous post was at 13:57 ----------

The green words and double lines are still there.


This is all getting rather complicated for me, I'm only a layman.

ComboFix 11-09-21.02 - Patrick 21/09/2011 17:49:04.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1380 [GMT 2:00]

Running from: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-09-20_13.02.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-21 07:34 . 2011-09-21 07:34 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-21 17:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Dlls Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3244)

c:\windows\system32\webcheck.dll

.

Completion time: 2011-09-21 17:55:33

ComboFix-quarantined-files.txt 2011-09-21 15:55

ComboFix2.txt 2011-09-20 13:54

ComboFix3.txt 2011-09-20 13:38

.

Pre-Run: 17.958.711.296 bytes free

Post-Run: 17.950.019.584 bytes free

.

- - End Of File - - 7F311C96EF7A98343712C5B77A2095E5


Open a Notepad file.

Copy and paste the text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

Saving CFScript.txt did not work: on your machine it is now called CFScript.txt..txt.

Go to your desktop, right-click the script and choose Rename: change the name to CFScript.txt.

Then drag CFScript.txt onto ComboFix.exe and follow the instructions from post 12 and post 14.


ComboFix 11-09-21.03 - Patrick 21/09/2011 19:25:38.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2037.1317 [GMT 2:00]

Running from: c:\documents and settings\Patrick\Mijn documenten\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Patrick\Bureaublad\CFScript.txt..txt

AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((( Files Created From 2011-08-21 to 2011-09-21 ))))))))))))))))))))))))))))))

.

.

2011-09-19 11:34 . 2011-09-19 11:34 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 16:58 . 2011-09-06 16:58 -------- d-----w- c:\documents and settings\Patrick\.jordan

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 11:52 . 2011-06-19 06:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 15:00 . 2011-03-21 13:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2008-04-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2008-12-15 12:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-09-07 16:42 . 2011-03-23 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-02-01 18:11 203776 --sh--w- c:\windows\system32\unrar.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-07-07 20:32 . 68180553F674B487BE777CFD6BE70726 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3GDR\es.dll

[-] 2008-07-07 20:30 . 97912DC0679D2DA60CCE589BBC196D72 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . F6C37073A269C163A5FDAE5BFF47F367 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP3QFE\es.dll

[-] 2008-07-07 20:23 . B3A4422CBD8DAA6710431F67C679DA24 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\753862110538d91277294ecede82cf33\SP2QFE\es.dll

[7] 2008-04-15 12:00 . 42A7FC383B174D91162EBF44C8AA5349 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-09-20_13.02.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-21 07:34 . 2011-09-21 07:34 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2011 15:41 22216]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]

S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\r26woi8r.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-21 19:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\grijze stick\everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Dlls Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1376)

c:\windows\system32\webcheck.dll

.

Completion time: 2011-09-21 19:31:26

ComboFix-quarantined-files.txt 2011-09-21 17:31

ComboFix2.txt 2011-09-21 15:55

ComboFix3.txt 2011-09-20 13:54

ComboFix4.txt 2011-09-20 13:38

.

Pre-Run: 18,067,853,312 bytes free

Post-Run: 18,060,775,424 bytes free

.

- - End Of File - - C5F93AB29389CB3EDB6F0BB18534333D

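The log above contains the three kinds of entry a reviewer of a ComboFix report looks at first: services whose binary ComboFix could not examine (it prints `[?]` where the timestamp and size would be, as for ctredr15.sys and for EverestDriver, whose ImagePath points at the removable drive h:), Run-key values that are a bare file name rather than a full path (XGIWatchDog, RTHDCPL), and start-page and Firefox search settings that still point at downloads.phpnuke.org after the script was applied. The script below is an added example, not part of this thread and not ComboFix's own code: it parses lines of those three shapes and applies three heuristics of my own. The sample lines are copied from the log above; the default trusted-host list (the user's own homepage) and the assumption that Windows lives on C: are assumptions.

```python
"""Triage of ComboFix log lines of the kinds seen in this thread.

Added example, not part of the original thread and not ComboFix's own code.
The sample lines are copied from the log above; the three rules and the
default trusted-host list are the editor's assumptions, not ComboFix rules.
"""
import re
from urllib.parse import urlparse

# Sample input: lines copied from the second ComboFix log in this thread.
SAMPLE_LOG = r"""
"XGIWatchDog"="XWatDog.exe" [2005-01-28 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2011 15:41 366152]
S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\grijze stick\everest\kerneld.wnt --> h:\grijze stick\everest\kerneld.wnt [?]
S3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [15/05/2006 12:40 343040]
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag
FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=hompag
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
"""

# "R2 Name;Display Name;path [stamp]" -> start type, number, name, display, path, stamp
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$')
# '"Name"="command" [date size]' under a Run key
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*)\]$')
# ComboFix defangs URLs as hxxp://
URL_RE = re.compile(r'hxxps?://\S+')

SYSTEM_DRIVE = "c:"   # assumption: Windows is on C:, as in the logs above


def service_binary(path_field):
    """ComboFix prints '<raw ImagePath> --> <resolved path>'; keep the resolved one."""
    return path_field.split(" --> ")[-1].strip()


def triage(log_text, trusted_hosts=frozenset({"www.google.be"})):
    """Return (kind, name, reason) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start, _num, name, _display, path_field, stamp = m.groups()
            binary = service_binary(path_field)
            if stamp == "?":
                # no timestamp/size: ComboFix could not examine the binary
                findings.append(("service", name, "binary not examined ([?])"))
            if not binary.lower().startswith(SYSTEM_DRIVE):
                findings.append(("service", name,
                                 f"binary outside {SYSTEM_DRIVE} ({binary[:2].lower()})"))
            continue
        m = RUNKEY_RE.match(line)
        if m:
            name, command, _stamp = m.groups()
            if "\\" not in command:
                # bare file name: resolved by PATH search at logon
                findings.append(("run", name, "bare filename, located via PATH search"))
            continue
        m = URL_RE.search(line)
        if m and ("Start Page" in line or "prefs.js" in line):
            host = urlparse(m.group(0).replace("hxxp", "http", 1)).hostname or ""
            if host not in trusted_hosts:
                # label is "mStart Page" or the prefs.js key name
                label = line[:m.start()].rstrip(" =-").split(": ")[-1]
                findings.append(("browser", label, f"points at {host}"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:32} {reason}")
```

On the sample lines this yields seven findings: the two bare-name Run values, ctredr15.sys and EverestDriver for the `[?]` marker, EverestDriver again for living on h:, and the two phpnuke.org browser settings; avgnt, MBAMService and Xgiv3 are not reported. Passing a wider `trusted_hosts` set suppresses the browser findings only.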

It is not solved yet.

If I just go to the 2dehands.be site, for example, there are words there underlined and in green. Here is an example: when I click on the green words I now end up on a site where I can win an iPad 2.

Caravan-winterhoes voor buitenstalling - Te koop | 2dehands.be

---------- Post added at 09:16 ---------- Previous post was at 09:13 ----------

So on my side the words appear in it like this: "Compleet zelfs met winterfadekhoes apart voor het neuswiel" (complete, even with a winter cover separately for the nose wheel).


This topic is now closed to new replies.
