core.cache.dsk won't go away! Lots of annoying popups.

  • core.cache.dsk won't go away! Lots of annoying popups.

    Hi,

    I keep getting all kinds of annoying popups such as be2.nl, mobile2match.nl, mt50.nl, paypopup.com, etc.
    As I read here: http://www.nucia.eu/forum/showthread.php?p=311253, this is caused by core.cache.dsk, and I have already tried all sorts of things. I also followed everything in that post, but it did not solve the problem for me. I ran HitmanPro many times, also in safe mode. I ran HijackThis, checked the log on hijackthis.de and removed the bad entries. I ran ComboFix in both normal and safe mode, but it reports that core.cache.dsk could not be deleted.

    I have postponed reinstalling Windows for now, because I would really like to know how this should be removed.

    Unfortunately I could not post in the other thread where this problem was already dealt with, hence this new thread.

    Is there a solution for this problem by now? I am waiting in suspense.
    Last edited by boriznl; 18-01-08, 14:45.

  • #2
    hijackthis log

    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:00:52, on 18-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\BoriS\Bureaublad\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9751 bytes



    • #3
      combofix log

      ComboFix 08-01-17.5 - BoriS 2008-01-17 20:37:58.4 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2509 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\BoriS\Bureaublad\ComboFix.exe

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\temp\tn3
      C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))
      .

      2008-01-17 20:40 . 2008-01-17 20:40 <DIR> d-------- C:\Temp\tn3
      2008-01-17 17:43 . 2008-01-17 17:43 <DIR> d--h----- C:\WINDOWS\PIF
      2008-01-17 14:54 . 2008-01-17 14:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-01-17 14:54 . 2008-01-17 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-01-17 14:52 . 2008-01-17 20:40 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
      2008-01-16 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-16 19:39 . 2008-01-16 19:39 <DIR> d-------- C:\RVAXO
      2008-01-16 19:38 . 2008-01-16 09:28 608,867 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-16 19:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-14 17:36 . 2008-01-14 21:59 <DIR> d-------- C:\Temp\Tmp___27274
      2008-01-14 12:40 . 2008-01-14 23:08 265 --a------ C:\WINDOWS\wininit.ini
      2008-01-14 11:22 . 2008-01-14 11:22 86,144 --a------ C:\WINDOWS\system32\drivers\ipfltdrvv.sys
      2008-01-09 20:35 . 2008-01-09 23:35 <DIR> d-------- C:\Temp\Tmp___27823
      2008-01-09 18:15 . 2008-01-09 18:15 1,355 --a------ C:\WINDOWS\imsins.BAK
      2008-01-09 13:09 . 2008-01-17 17:44 <DIR> dr-h----- C:\Documents and Settings\BoriS\Onlangs geopend
      2007-12-18 19:29 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\iTunes
      2007-12-18 19:29 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\iPod
      2007-12-18 19:28 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\QuickTime

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-17 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-01-17 07:07 --------- d-----w C:\Program Files\LogMeIn
      2008-01-16 10:57 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Azureus
      2008-01-16 07:28 --------- d-----w C:\Program Files\DYMO Label
      2008-01-15 20:31 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-15 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-15 20:25 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-15 18:45 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-11 16:18 --------- d-----w C:\Documents and Settings\BoriS\Application Data\mIRC
      2008-01-11 16:17 --------- d-----w C:\Program Files\mIRC
      2008-01-07 11:04 --------- d-----w C:\Program Files\Azureus
      2008-01-04 07:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-18 07:46 --------- d-----w C:\Program Files\Norton 360
      2007-12-16 21:00 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Lavasoft
      2007-12-16 20:58 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
      2007-12-16 20:58 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
      2007-12-16 16:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
      2007-12-16 15:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
      2007-12-16 15:57 --------- d-----w C:\Program Files\Lavasoft
      2007-12-13 11:46 --------- d-----w C:\Program Files\CCleaner
      2007-12-13 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-12-10 12:08 --------- d-----w C:\Program Files\PokerStars
      2007-12-06 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-06 15:59 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
      2007-12-05 07:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2007-12-05 07:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2007-12-05 07:05 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2007-12-05 07:05 --------- d-----w C:\Program Files\Symantec
      2007-12-04 20:42 --------- d-----w C:\Program Files\Avery Wizard 3.1
      2007-12-04 20:14 --------- d-----w C:\Program Files\Common Files\Avery
      2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
      2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
      2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
      2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
      2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
      2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
      2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
      2007-11-28 16:06 --------- d-----w C:\Program Files\TomTom DesktopSuite
      2007-11-28 15:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2007-11-26 18:23 --------- d-----w C:\Program Files\Golf Buddies
      2007-11-26 17:04 164 ----a-w C:\install.dat
      2007-11-26 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
      2007-11-26 16:48 --------- d-----w C:\Program Files\Red Chair Software
      2007-11-26 16:48 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Red Chair Software
      2007-11-22 19:53 --------- d-----w C:\Program Files\DC++
      2007-11-22 07:08 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
      2007-11-22 07:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
      2007-11-18 08:57 --------- d-----w C:\Program Files\Porta
      2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
      .

      ((((((((((((((((((((((((((((( [email protected]_19.52.45.81 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-01-16 18:47:44 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      + 2008-01-17 13:18:49 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      - 2008-01-16 18:47:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-17 13:18:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      - 2008-01-16 18:47:44 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      + 2008-01-17 13:18:49 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      - 2008-01-16 18:47:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      + 2008-01-17 13:18:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      - 2008-01-16 18:47:46 7,790,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      + 2008-01-17 13:18:49 7,806,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      - 2008-01-16 18:47:46 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      + 2008-01-17 13:18:49 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
      + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
      + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
      - 2008-01-16 18:43:39 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-01-17 13:28:13 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-01-16 18:43:39 77,862 ----a-w C:\WINDOWS\system32\perfc013.dat
      + 2008-01-17 13:28:13 77,862 ----a-w C:\WINDOWS\system32\perfc013.dat
      - 2008-01-16 18:43:39 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-01-17 13:28:13 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-01-16 18:43:39 458,884 ----a-w C:\WINDOWS\system32\perfh013.dat
      + 2008-01-17 13:28:13 458,884 ----a-w C:\WINDOWS\system32\perfh013.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-21 21:07 5674352]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34 1289000]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
      "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35 716800]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
      "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 12:27 222208]
      "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]
      "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
      "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:03 399360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
      DUSuperControler.lnk - C:\Program Files\DU Super Controler\DUSuperControler.exe [2004-01-20 21:09:46]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      LMIinit.dll 2007-11-22 15:38 87352 C:\WINDOWS\system32\LMIinit.dll

      R1 ipfltdrvv;ipfltdrvv;C:\WINDOWS\system32\drivers\ipfltdrvv.sys [2008-01-14 11:22]
      R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]
      R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
      R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 21:09]
      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
      S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys
      S4 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Common Files\BinarySense\hldasvc.exe" [2007-08-09 13:23]

      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-12 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-17 20:41:00
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-17 20:43:11 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-17 19:43:09
      ComboFix2.txt 2008-01-17 19:37:30
      ComboFix3.txt 2008-01-17 13:25:33
      ComboFix4.txt 2008-01-16 18:53:05
      .
      2008-01-16 07:11:11 --- E O F ---



      • #4
        Open Notepad, then copy and paste the following (bold) text into an empty window:

        Driver::
        SjyPkt
        ipfltdrvv

        File::
        C:\WINDOWS\system32\drivers\ipfltdrvv.sys



        Save this to your Desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.

        After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.



        • #5
          I used the txt file with ComboFix.
          The log does indeed show that the files have been removed.

          Thank you very much! I assume the popups are gone now.

          Here is my log:

          ComboFix 08-01-18.4 - BoriS 2008-01-18 15:50:54.6 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2376 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\BoriS\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\BoriS\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\drivers\ipfltdrvv.sys
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\temp\tn3
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\system32\drivers\ipfltdrvv.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_IPFLTDRVV
          -------\LEGACY_SJYPKT
          -------\ipfltdrvv
          -------\SjyPkt


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
          .

          2008-01-17 20:54 . 2008-01-17 20:56 4,420 --a------ C:\WINDOWS\system32\tmp.reg
          2008-01-17 17:43 . 2008-01-17 17:43 <DIR> d--h----- C:\WINDOWS\PIF
          2008-01-17 14:54 . 2008-01-17 14:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2008-01-17 14:54 . 2008-01-17 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2008-01-16 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-16 19:39 . 2008-01-16 19:39 <DIR> d-------- C:\RVAXO
          2008-01-16 19:38 . 2008-01-16 09:28 608,867 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-01-16 19:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-01-14 17:36 . 2008-01-14 21:59 <DIR> d-------- C:\Temp\Tmp___27274
          2008-01-14 12:40 . 2008-01-14 23:08 265 --a------ C:\WINDOWS\wininit.ini
          2008-01-09 20:35 . 2008-01-09 23:35 <DIR> d-------- C:\Temp\Tmp___27823
          2008-01-09 18:15 . 2008-01-09 18:15 1,355 --a------ C:\WINDOWS\imsins.BAK
          2008-01-09 13:09 . 2008-01-18 15:49 <DIR> dr-h----- C:\Documents and Settings\BoriS\Onlangs geopend
          2007-12-18 19:29 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\iTunes
          2007-12-18 19:29 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\iPod
          2007-12-18 19:28 . 2007-12-18 19:29 <DIR> d-------- C:\Program Files\QuickTime

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-18 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-01-18 07:09 --------- d-----w C:\Program Files\LogMeIn
          2008-01-16 10:57 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Azureus
          2008-01-16 07:28 --------- d-----w C:\Program Files\DYMO Label
          2008-01-15 20:31 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-15 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-15 20:25 --------- d-----w C:\Program Files\Spyware Doctor
          2008-01-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-15 18:45 --------- d-----w C:\Program Files\SpywareBlaster
          2008-01-11 16:18 --------- d-----w C:\Documents and Settings\BoriS\Application Data\mIRC
          2008-01-11 16:17 --------- d-----w C:\Program Files\mIRC
          2008-01-07 11:04 --------- d-----w C:\Program Files\Azureus
          2008-01-04 07:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2007-12-18 07:46 --------- d-----w C:\Program Files\Norton 360
          2007-12-16 21:00 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Lavasoft
          2007-12-16 20:58 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
          2007-12-16 20:58 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
          2007-12-16 16:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
          2007-12-16 15:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
          2007-12-16 15:57 --------- d-----w C:\Program Files\Lavasoft
          2007-12-13 11:46 --------- d-----w C:\Program Files\CCleaner
          2007-12-13 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-10 12:08 --------- d-----w C:\Program Files\PokerStars
          2007-12-06 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-06 15:59 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
          2007-12-05 07:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2007-12-05 07:05 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
          2007-12-05 07:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2007-12-05 07:05 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2007-12-05 07:05 --------- d-----w C:\Program Files\Symantec
          2007-12-04 20:42 --------- d-----w C:\Program Files\Avery Wizard 3.1
          2007-12-04 20:14 --------- d-----w C:\Program Files\Common Files\Avery
          2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
          2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
          2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
          2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
          2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
          2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
          2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
          2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
          2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
          2007-11-28 16:06 --------- d-----w C:\Program Files\TomTom DesktopSuite
          2007-11-28 15:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2007-11-26 18:23 --------- d-----w C:\Program Files\Golf Buddies
          2007-11-26 17:04 164 ----a-w C:\install.dat
          2007-11-26 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
          2007-11-26 16:48 --------- d-----w C:\Program Files\Red Chair Software
          2007-11-26 16:48 --------- d-----w C:\Documents and Settings\BoriS\Application Data\Red Chair Software
          2007-11-22 19:53 --------- d-----w C:\Program Files\DC++
          2007-11-22 14:38 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
          2007-11-22 14:38 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
          2007-11-22 14:38 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
          2007-11-22 14:38 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
          2007-11-22 14:38 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
          2007-11-22 07:08 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
          2007-11-22 07:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
          2007-11-18 08:57 --------- d-----w C:\Program Files\Porta
          2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
          .

          ((((((((((((((((((((((((((((( snapshot@2008-01-16_19.52.45.81 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-16 18:47:44 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-18 14:50:35 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-16 18:47:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-18 14:50:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-16 18:47:44 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-18 14:50:35 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-16 18:47:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-18 14:50:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-16 18:47:46 7,790,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-18 14:50:36 7,852,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          - 2008-01-16 18:47:46 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-18 14:50:36 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
          + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
          + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
          + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
          - 2008-01-16 18:43:39 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2008-01-17 13:28:13 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2008-01-16 18:43:39 77,862 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2008-01-17 13:28:13 77,862 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2008-01-16 18:43:39 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2008-01-17 13:28:13 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2008-01-16 18:43:39 458,884 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2008-01-17 13:28:13 458,884 ----a-w C:\WINDOWS\system32\perfh013.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-21 21:07 5674352]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34 1289000]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
          "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
          "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35 716800]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
          "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 12:27 222208]
          "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]
          "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
          "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
          "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
          "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:03 399360]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
          "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
          DUSuperControler.lnk - C:\Program Files\DU Super Controler\DUSuperControler.exe [2004-01-20 21:09:46]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
          LMIinit.dll 2007-11-22 15:38 87352 C:\WINDOWS\system32\LMIinit.dll

          R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]
          R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
          R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 21:09]
          S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
          S4 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Common Files\BinarySense\hldasvc.exe" [2007-08-09 13:23]

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-12 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-18 15:54:48
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-18 15:57:14 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-18 14:57:11
          ComboFix2.txt 2008-01-17 19:47:06
          ComboFix3.txt 2008-01-17 19:43:11
          ComboFix4.txt 2008-01-17 19:37:30
          ComboFix5.txt 2008-01-17 13:25:33
          .
          2008-01-16 07:11:11 --- E O F ---

          Comment


          • #6
            Looks good

            Download ATF Cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this clears the tick next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then click OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off System Restore.
            This removes any remnants of the infections from your System Restore.

            Then I think everything is OK again

            Comment


            • #7
              Well, I've done the last part as well.
              We'll assume it's fine again, since I haven't seen any popups yet.

              Thanks!

              Comment


              • #8
                You're welcome

                Comment
