Cannot delete core.cache.dsk!

  • Cannot delete core.cache.dsk!

    ComboFix 08-03-10.1 - Admin 2008-03-13 12:50:30.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1240 [GMT 1:00]
    Gestart vanuit: C:\Users\Admin\Desktop\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\WINDOWS\kretensi.exe
    C:\WINDOWS\ss45.exe
    C:\WINDOWS\sys07.exe
    C:\WINDOWS\sys08.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\splitterr.sys
    C:\WINDOWS\system32\ojpqtg.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))
    .

    2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes
    2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-12 22:28 . 2008-03-12 22:28 <DIR> d-------- C:\Users\All Users\SpecialBit Games
    2008-03-12 22:28 . 2008-03-12 22:28 <DIR> d-------- C:\ProgramData\SpecialBit Games
    2008-03-12 22:22 . 2008-03-12 22:22 <DIR> d-------- C:\Program Files\bfgclient
    2008-03-12 22:22 . 2008-03-12 22:27 <DIR> d-------- C:\BigFishGamesCache
    2008-03-12 11:40 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-03-12 11:40 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-03-05 17:54 . 2008-03-05 17:54 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2008-03-05 17:11 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-03-05 17:11 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-03-05 17:11 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-03-05 17:10 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
    2008-03-05 17:10 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-03-05 17:10 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-02-21 11:10 . 2008-02-21 11:10 <DIR> d-------- C:\Windows\Hidden Expedition - Everest
    2008-02-16 17:20 . 2008-02-16 17:20 <DIR> d-------- C:\Users\All Users\Trymedia
    2008-02-16 17:20 . 2008-02-16 17:20 <DIR> d-------- C:\ProgramData\Trymedia
    2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\Users\All Users\FloodLightGames
    2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\Users\Admin\AppData\Roaming\FloodLightGames
    2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\ProgramData\FloodLightGames
    2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\Users\All Users\PlayFirst
    2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\Users\Admin\AppData\Roaming\PlayFirst
    2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\ProgramData\PlayFirst
    2008-02-16 00:20 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
    2008-02-16 00:19 . 2008-02-16 00:20 <DIR> d-------- C:\Program Files\Java
    2008-02-16 00:18 . 2008-02-16 00:18 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-02-14 23:26 . 2008-02-14 23:26 <DIR> d-------- C:\Users\Admin\AppData\Roaming\MysteryStudio
    2008-02-14 23:26 . 2008-02-14 23:28 303 --a------ C:\Users\Admin\AppData\Roaming\bbbconfig.dat
    2008-02-14 23:11 . 2008-02-14 23:11 <DIR> d-------- C:\Windows\16 Big Fish Games
    2008-02-13 21:20 . 2008-02-13 21:20 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 21:20 . 2008-02-13 21:20 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 21:17 . 2008-02-13 21:17 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 21:17 . 2008-02-13 21:17 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-02-13 21:17 . 2008-02-13 21:17 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-02-13 21:17 . 2008-02-13 21:17 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-02-13 21:17 . 2008-02-13 21:17 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-02-13 21:17 . 2008-02-13 21:17 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
    2008-02-13 21:17 . 2008-02-13 21:17 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-02-13 21:17 . 2008-02-13 21:17 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-02-13 21:16 . 2008-02-13 21:16 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 21:16 . 2008-02-13 21:16 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-13 21:16 . 2008-02-13 21:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-02-13 21:16 . 2008-02-13 21:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-02-13 21:16 . 2008-02-13 21:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-02-13 21:16 . 2008-02-13 21:16 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-02-13 21:16 . 2008-02-13 21:16 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-02-13 21:13 . 2008-02-13 21:13 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
    2008-02-13 21:13 . 2008-02-13 21:13 56,320 --a------ C:\Windows\System32\iesetup.dll
    2008-02-13 21:13 . 2008-02-13 21:13 26,624 --a------ C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:12 . 2008-02-13 17:12 125 --a------ C:\ioSpecial.ini
    2008-02-13 15:14 . 2008-02-13 15:14 <DIR> d-------- C:\Users\Admin\AppData\Roaming\iWin

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-13 10:44 --------- d-----w C:\Program Files\Windows Mail
    2008-03-12 22:57 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-12 22:28 --------- d---a-w C:\ProgramData\TEMP
    2008-03-01 22:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
    2008-02-13 20:19 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 20:19 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 20:19 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 20:19 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 20:19 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 20:19 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 20:19 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 20:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 20:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 20:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 20:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 20:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-08 10:40 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-07 17:55 --------- d-----w C:\Program Files\Acer GameZone
    2008-02-01 20:15 --------- d-----w C:\Program Files\BFG
    2008-02-01 19:03 --------- d-----w C:\Program Files\Gamenext
    2008-02-01 12:36 --------- d-----w C:\Program Files\GamesBar
    2008-02-01 11:16 --------- d-----w C:\Program Files\ReflexiveArcade
    2008-01-31 21:48 --------- d-----w C:\ProgramData\LightScribe
    2008-01-31 21:38 --------- d-----w C:\Users\Admin\AppData\Roaming\Nero
    2008-01-31 21:36 --------- d-----w C:\Program Files\Common Files\Nero
    2008-01-31 21:34 --------- d-----w C:\ProgramData\Nero
    2008-01-31 21:34 --------- d-----w C:\Program Files\Nero
    2008-01-31 17:15 --------- d-----w C:\Users\Admin\AppData\Roaming\CyberLink
    2008-01-31 17:15 --------- d-----w C:\ProgramData\CyberLink
    2008-01-29 15:35 --------- d-----w C:\ProgramData\Forge of Games
    2008-01-29 15:27 --------- d-----w C:\ProgramData\MumboJumbo
    2008-01-29 15:00 --------- d-----w C:\ProgramData\Arcade Lab
    2008-01-29 09:10 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-25 09:16 --------- d-----w C:\Program Files\VistaCodecPack
    2008-01-25 08:32 --------- d-----w C:\Program Files\BitComet
    2008-01-22 09:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-21 11:02 --------- d-----w C:\Users\Admin\AppData\Roaming\Download Manager
    2008-01-21 09:26 --------- d-----w C:\Program Files\Windows Live
    2008-01-21 09:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-21 09:19 --------- d-----w C:\ProgramData\WLInstaller
    2008-01-21 08:37 --------- d-----w C:\Program Files\Alwil Software
    2008-01-21 08:34 --------- d-----w C:\ProgramData\Lavasoft
    2008-01-21 08:33 --------- d-----w C:\Program Files\Lavasoft
    2008-01-21 08:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-20 10:45 174 --sha-w C:\Program Files\desktop.ini
    2008-01-20 10:41 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-20 10:41 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-20 09:29 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2008-01-20 09:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2008-01-20 09:29 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-01-20 09:29 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2008-01-20 09:29 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2008-01-20 09:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-01-20 09:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-01-20 09:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-01-20 09:28 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-01-20 09:28 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-01-20 09:28 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2008-01-20 09:12 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-01-20 09:12 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-01-20 09:12 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-01-20 09:12 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-01-20 09:11 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-19 13:32 --------- d-----w C:\ProgramData\Avg7
    2008-01-19 13:20 86,144 ----a-w C:\Windows\system32\drivers\WUDFRdd.sys
    2008-01-19 13:20 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk
    2008-01-19 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 13:15 --------- d-----w C:\Program Files\Winamp
    2008-01-19 13:15 --------- d-----w C:\Program Files\QuickTime
    2008-01-19 13:13 --------- d-----w C:\ProgramData\Apple Computer
    2008-01-18 12:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-18 12:49 --------- d-----w C:\ProgramData\Symantec
    2008-01-17 18:57 --------- d-----w C:\Program Files\Yahoo!
    2008-01-17 18:41 --------- d-----w C:\Program Files\Acer Inc
    2008-01-17 18:36 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    2008-01-17 18:36 --------- d-----w C:\Program Files\Apoint2K
    2008-01-17 18:32 --------- d-----w C:\Program Files\Launch Manager
    2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Sjablonen
    2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Menu Start
    2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Favorieten
    2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Documenten
    2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Bureaublad
    2007-12-13 18:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
    .

    ((((((((((((((((((((((((((((( [email protected]_12.20.10.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-13 11:17:44 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-03-13 11:53:49 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-03-13 11:18:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-13 11:54:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-13 11:54:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-03-13 11:18:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-13 11:54:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-13 11:54:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-13 11:18:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-13 11:54:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-13 11:18:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-13 11:54:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-13 11:18:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-13 11:54:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-13 11:15:09 103,924 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-13 11:46:55 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-13 11:15:09 122,796 ----a-w C:\Windows\System32\perfc013.dat
    + 2008-03-13 11:46:55 122,796 ----a-w C:\Windows\System32\perfc013.dat
    - 2008-03-13 11:15:09 610,142 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-13 11:46:55 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-13 11:15:09 689,618 ----a-w C:\Windows\System32\perfh013.dat
    + 2008-03-13 11:46:55 689,618 ----a-w C:\Windows\System32\perfh013.dat
    - 2008-03-13 11:10:42 6,286 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2563748538-3981402601-2228790561-1000_UserData.bin
    + 2008-03-13 11:44:17 6,588 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2563748538-3981402601-2228790561-1000_UserData.bin
    - 2008-03-13 11:10:42 62,140 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-13 11:44:17 62,320 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-13 11:10:41 48,856 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-13 11:44:16 49,360 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 10:15 1232896]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-17 07:05 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 17:25 155648]
    "Acer Tour"=""
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "eRecoveryService"=""
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-19 14:13 282624]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2563748538-3981402601-2228790561-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9506CF54-2C21-427B-9BD6-6A2F38305DB4}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema|Desc=CyberLink PowerCinema
    "{A508CF61-5C0E-4DE3-971F-E991FF87FFFA}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
    "{6047DC5D-FC09-41DF-8CFA-E340F93E855D}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
    "{E7D88DEA-DC26-42B1-9F42-2BB6199610CF}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
    "{A2CB42B9-06E9-4E5F-9B48-8A527EAB161A}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
    "{1C2F2824-488C-48ED-84C7-E1767587870A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{127B168B-A7B8-44B1-AF51-7DFEBBB3F178}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{24A90DC1-E97E-4DA2-85D7-637D0FE44939}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{4496F287-A2FF-45B0-A7A4-F55BD35E25D4}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
    "UDP Query User{35767A20-CCEB-4024-81D7-0064D3691E96}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
    "{27D894D6-B845-44D9-A350-9A699B21B623}"= UDP:14359:BitComet 14359 TCP
    "{E0E6D0AC-09AD-437B-94E2-ABEFE66DCAFD}"= TCP:14359:BitComet 14359 UDP
    "TCP Query User{9EB86875-A5DE-4E92-B778-4B81469E6D2C}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
    "UDP Query User{75559AD1-6FB4-4B84-9EBF-F4BBC87BE37D}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
    "TCP Query User{4BF815E2-189D-4F42-9DA1-FDE04A768DF2}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "UDP Query User{E50D13A7-AED4-4ED7-81A1-355F6615BA3F}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
    "TCP Query User{D42FDB85-C630-40C7-8DA9-26488019F12C}C:\program files\common files\nero\nero web\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer|Desc=Nero Installer
    "UDP Query User{967369C7-2DFB-496D-AE25-86BA422C5C2F}C:\program files\common files\nero\nero web\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer|Desc=Nero Installer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 21:15]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-13 12:54:44
    Windows 6.0.6000 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-13 12:57:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-13 11:56:58
    ComboFix2.txt 2008-03-13 11:20:53
    .
    2008-03-12 22:57:09 --- E O F ---

    It just won't go away!!

  • #2
    Who gave you those instructions for CFScript.txt?

    In any case, I don't see the files you are trying to delete anywhere in the log.

    Put this in your CFScript.txt:

    File::
    C:\Windows\system32\drivers\WUDFRdd.sys
    C:\Windows\system32\drivers\core.cache.dsk

    Driver::
    WUDFRdd


    Then try dragging CFScript.txt onto ComboFix.exe once more.

    • #3
      ComboFix 08-03-10.1 - Admin 2008-03-13 13:22:18.3 - NTFSx86
      Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1194 [GMT 1:00]
      Gestart vanuit: C:\Users\Admin\Desktop\ComboFix.exe
      Command switches used :: C:\Users\Admin\Desktop\CFScript.txt
      * Nieuw herstelpunt werd aangemaakt

      FILE ::
      C:\Windows\system32\drivers\core.cache.dsk
      C:\Windows\system32\drivers\WUDFRdd.sys
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Windows\system32\drivers\core.cache.dsk
      C:\Windows\system32\drivers\WUDFRdd.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\LEGACY_WUDFRDD
      -------\WUDFRdd


      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))
      .

      2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Users\All Users\Malwarebytes
      2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes
      2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\ProgramData\Malwarebytes
      2008-03-13 12:02 . 2008-03-13 12:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-03-12 22:28 . 2008-03-12 22:28 <DIR> d-------- C:\Users\All Users\SpecialBit Games
      2008-03-12 22:28 . 2008-03-12 22:28 <DIR> d-------- C:\ProgramData\SpecialBit Games
      2008-03-12 22:22 . 2008-03-12 22:22 <DIR> d-------- C:\Program Files\bfgclient
      2008-03-12 22:22 . 2008-03-12 22:27 <DIR> d-------- C:\BigFishGamesCache
      2008-03-12 11:40 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-12 11:40 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-05 17:54 . 2008-03-05 17:54 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
      2008-03-05 17:11 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-03-05 17:11 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-03-05 17:11 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-03-05 17:10 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
      2008-03-05 17:10 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-03-05 17:10 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-02-21 11:10 . 2008-02-21 11:10 <DIR> d-------- C:\Windows\Hidden Expedition - Everest
      2008-02-16 17:20 . 2008-02-16 17:20 <DIR> d-------- C:\Users\All Users\Trymedia
      2008-02-16 17:20 . 2008-02-16 17:20 <DIR> d-------- C:\ProgramData\Trymedia
      2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\Users\All Users\FloodLightGames
      2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\Users\Admin\AppData\Roaming\FloodLightGames
      2008-02-16 12:47 . 2008-02-16 12:47 <DIR> d-------- C:\ProgramData\FloodLightGames
      2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\Users\All Users\PlayFirst
      2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\Users\Admin\AppData\Roaming\PlayFirst
      2008-02-16 12:35 . 2008-02-16 12:35 <DIR> d-------- C:\ProgramData\PlayFirst
      2008-02-16 00:20 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
      2008-02-16 00:19 . 2008-02-16 00:20 <DIR> d-------- C:\Program Files\Java
      2008-02-16 00:18 . 2008-02-16 00:18 <DIR> d-------- C:\Program Files\Common Files\Java
      2008-02-14 23:26 . 2008-02-14 23:26 <DIR> d-------- C:\Users\Admin\AppData\Roaming\MysteryStudio
      2008-02-14 23:26 . 2008-02-14 23:28 303 --a------ C:\Users\Admin\AppData\Roaming\bbbconfig.dat
      2008-02-14 23:11 . 2008-02-14 23:11 <DIR> d-------- C:\Windows\16 Big Fish Games
      2008-02-13 21:20 . 2008-02-13 21:20 194,560 --a------ C:\Windows\System32\WebClnt.dll
      2008-02-13 21:20 . 2008-02-13 21:20 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
      2008-02-13 21:17 . 2008-02-13 21:17 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
      2008-02-13 21:17 . 2008-02-13 21:17 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
      2008-02-13 21:17 . 2008-02-13 21:17 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
      2008-02-13 21:17 . 2008-02-13 21:17 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
      2008-02-13 21:17 . 2008-02-13 21:17 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
      2008-02-13 21:17 . 2008-02-13 21:17 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
      2008-02-13 21:17 . 2008-02-13 21:17 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
      2008-02-13 21:17 . 2008-02-13 21:17 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
      2008-02-13 21:16 . 2008-02-13 21:16 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-13 21:16 . 2008-02-13 21:16 1,686,528 --a------ C:\Windows\System32\gameux.dll
      2008-02-13 21:16 . 2008-02-13 21:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
      2008-02-13 21:16 . 2008-02-13 21:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
      2008-02-13 21:16 . 2008-02-13 21:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
      2008-02-13 21:16 . 2008-02-13 21:16 24,064 --a------ C:\Windows\System32\netcfg.exe
      2008-02-13 21:16 . 2008-02-13 21:16 22,016 --a------ C:\Windows\System32\netiougc.exe
      2008-02-13 21:13 . 2008-02-13 21:13 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
      2008-02-13 21:13 . 2008-02-13 21:13 56,320 --a------ C:\Windows\System32\iesetup.dll
      2008-02-13 21:13 . 2008-02-13 21:13 26,624 --a------ C:\Windows\System32\ieUnatt.exe
      2008-02-13 17:12 . 2008-02-13 17:12 125 --a------ C:\ioSpecial.ini
      2008-02-13 15:14 . 2008-02-13 15:14 <DIR> d-------- C:\Users\Admin\AppData\Roaming\iWin

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-13 10:44 --------- d-----w C:\Program Files\Windows Mail
      2008-03-12 22:57 --------- d-----w C:\ProgramData\Microsoft Help
      2008-03-12 22:28 --------- d---a-w C:\ProgramData\TEMP
      2008-03-01 22:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
      2008-02-13 20:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-13 20:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-13 20:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-13 20:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-13 20:14 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-13 20:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-11 08:39 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
      2008-02-11 08:39 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
      2008-02-08 12:53 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
      2008-02-08 10:40 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-07 17:55 --------- d-----w C:\Program Files\Acer GameZone
      2008-02-05 07:48 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
      2008-02-01 20:15 --------- d-----w C:\Program Files\BFG
      2008-02-01 19:03 --------- d-----w C:\Program Files\Gamenext
      2008-02-01 12:36 --------- d-----w C:\Program Files\GamesBar
      2008-02-01 11:16 --------- d-----w C:\Program Files\ReflexiveArcade
      2008-01-31 21:48 --------- d-----w C:\ProgramData\LightScribe
      2008-01-31 21:38 --------- d-----w C:\Users\Admin\AppData\Roaming\Nero
      2008-01-31 21:36 --------- d-----w C:\Program Files\Common Files\Nero
      2008-01-31 21:34 --------- d-----w C:\ProgramData\Nero
      2008-01-31 21:34 --------- d-----w C:\Program Files\Nero
      2008-01-31 17:15 --------- d-----w C:\Users\Admin\AppData\Roaming\CyberLink
      2008-01-31 17:15 --------- d-----w C:\ProgramData\CyberLink
      2008-01-29 15:35 --------- d-----w C:\ProgramData\Forge of Games
      2008-01-29 15:27 --------- d-----w C:\ProgramData\MumboJumbo
      2008-01-29 15:00 --------- d-----w C:\ProgramData\Arcade Lab
      2008-01-29 09:10 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-01-25 09:16 --------- d-----w C:\Program Files\VistaCodecPack
      2008-01-25 08:32 --------- d-----w C:\Program Files\BitComet
      2008-01-22 09:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-01-21 11:02 --------- d-----w C:\Users\Admin\AppData\Roaming\Download Manager
      2008-01-21 09:26 --------- d-----w C:\Program Files\Windows Live
      2008-01-21 09:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-01-21 09:19 --------- d-----w C:\ProgramData\WLInstaller
      2008-01-21 08:37 --------- d-----w C:\Program Files\Alwil Software
      2008-01-21 08:34 --------- d-----w C:\ProgramData\Lavasoft
      2008-01-21 08:33 --------- d-----w C:\Program Files\Lavasoft
      2008-01-21 08:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-20 10:45 174 --sha-w C:\Program Files\desktop.ini
      2008-01-20 10:41 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-20 10:41 --------- d-----w C:\Program Files\Windows Calendar
      2008-01-20 09:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-20 09:24 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-20 09:24 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-20 09:24 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-20 09:24 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-20 09:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
      2008-01-20 09:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-20 09:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-20 09:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-20 09:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
      2008-01-20 09:15 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-20 09:15 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-20 09:15 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-20 09:12 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
      2008-01-20 09:12 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-20 09:12 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
      2008-01-20 09:12 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
      2008-01-20 09:12 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
      2008-01-20 09:11 --------- d-----w C:\Program Files\MSXML 4.0
      2008-01-20 09:10 750,080 ----a-w C:\Windows\System32\qmgr.dll
      2008-01-19 23:15 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-19 23:15 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-19 23:15 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-19 23:15 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-19 23:14 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-19 23:14 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-19 23:14 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-19 23:14 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-19 23:14 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-19 13:32 --------- d-----w C:\ProgramData\Avg7
      2008-01-19 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-19 13:15 --------- d-----w C:\Program Files\Winamp
      2008-01-19 13:15 --------- d-----w C:\Program Files\QuickTime
      2008-01-19 13:13 --------- d-----w C:\ProgramData\Apple Computer
      2008-01-18 12:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-01-18 12:49 --------- d-----w C:\ProgramData\Symantec
      2008-01-17 18:57 --------- d-----w C:\Program Files\Yahoo!
      2008-01-17 18:41 --------- d-----w C:\Program Files\Acer Inc
      2008-01-17 18:36 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
      2008-01-17 18:36 --------- d-----w C:\Program Files\Apoint2K
      2008-01-17 18:32 --------- d-----w C:\Program Files\Launch Manager
      2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Sjablonen
      2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Menu Start
      2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Favorieten
      2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Documenten
      2008-01-17 18:25 --------- d-sh--w C:\ProgramData\Bureaublad
      2008-01-02 16:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
      2008-01-02 16:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
      2008-01-02 16:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
      2008-01-02 16:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
      2008-01-02 16:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
      2008-01-02 16:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
      2008-01-02 16:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
      2008-01-02 16:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
      2008-01-02 15:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
      .

      ((((((((((((((((((((((((((((( [email protected]_12.20.10.52 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-13 11:17:44 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-03-13 12:25:51 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2000-08-31 07:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
      - 2008-03-13 11:18:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-03-13 12:26:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-03-13 12:26:36 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-03-13 11:18:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-03-13 12:26:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-03-13 12:26:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-03-13 11:18:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-03-13 12:26:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-03-13 11:18:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-03-13 12:26:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-03-13 11:18:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-03-13 12:26:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-03-13 11:15:09 103,924 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-03-13 11:59:35 103,924 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-03-13 11:15:09 122,796 ----a-w C:\Windows\System32\perfc013.dat
      + 2008-03-13 11:59:36 122,796 ----a-w C:\Windows\System32\perfc013.dat
      - 2008-03-13 11:15:09 610,142 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-03-13 11:59:35 610,142 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-03-13 11:15:09 689,618 ----a-w C:\Windows\System32\perfh013.dat
      + 2008-03-13 11:59:36 689,618 ----a-w C:\Windows\System32\perfh013.dat
      - 2008-03-13 11:10:42 6,286 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2563748538-3981402601-2228790561-1000_UserData.bin
      + 2008-03-13 11:56:02 6,730 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2563748538-3981402601-2228790561-1000_UserData.bin
      - 2008-03-13 11:10:42 62,140 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-03-13 11:56:02 62,490 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-03-13 11:10:41 48,856 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-03-13 11:55:59 49,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 10:15 1232896]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-17 07:05 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
      "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 17:25 155648]
      "Acer Tour"=""
      "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
      "eRecoveryService"=""
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-19 14:13 282624]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
      "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=eNetHook.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2563748538-3981402601-2228790561-1000]
      "EnableNotificationsRef"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{9506CF54-2C21-427B-9BD6-6A2F38305DB4}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema|Desc=CyberLink PowerCinema
      "{A508CF61-5C0E-4DE3-971F-E991FF87FFFA}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
      "{6047DC5D-FC09-41DF-8CFA-E340F93E855D}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
      "{E7D88DEA-DC26-42B1-9F42-2BB6199610CF}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
      "{A2CB42B9-06E9-4E5F-9B48-8A527EAB161A}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
      "{1C2F2824-488C-48ED-84C7-E1767587870A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{127B168B-A7B8-44B1-AF51-7DFEBBB3F178}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{24A90DC1-E97E-4DA2-85D7-637D0FE44939}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
      "TCP Query User{4496F287-A2FF-45B0-A7A4-F55BD35E25D4}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
      "UDP Query User{35767A20-CCEB-4024-81D7-0064D3691E96}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
      "{27D894D6-B845-44D9-A350-9A699B21B623}"= UDP:14359:BitComet 14359 TCP
      "{E0E6D0AC-09AD-437B-94E2-ABEFE66DCAFD}"= TCP:14359:BitComet 14359 UDP
      "TCP Query User{9EB86875-A5DE-4E92-B778-4B81469E6D2C}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
      "UDP Query User{75559AD1-6FB4-4B84-9EBF-F4BBC87BE37D}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client|Desc=BitComet - a BitTorrent Client
      "TCP Query User{4BF815E2-189D-4F42-9DA1-FDE04A768DF2}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
      "UDP Query User{E50D13A7-AED4-4ED7-81A1-355F6615BA3F}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
      "TCP Query User{D42FDB85-C630-40C7-8DA9-26488019F12C}C:\program files\common files\nero\nero web\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer|Desc=Nero Installer
      "UDP Query User{967369C7-2DFB-496D-AE25-86BA422C5C2F}C:\program files\common files\nero\nero web\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer|Desc=Nero Installer

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
      R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
      R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
      R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
      R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
      R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
      R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
      R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 21:15]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
      R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
      R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-13 13:26:52
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\agrsmsvc.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
      C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
      C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Launch Manager\LManager.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
      C:\Windows\system32\igfxext.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\system32\DllHost.exe
      C:\Program Files\Apoint2K\ApMsgFwd.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-03-13 13:29:02 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-13 12:28:52
      ComboFix2.txt 2008-03-13 11:57:05
      ComboFix3.txt 2008-03-13 11:20:53
      .
      2008-03-12 22:57:09 --- E O F ---

      Thnx man, I hope I'm rid of those popups now.. nothing so far.
      Btw, do I still need to do anything now, like removing ComboFix or something?



      • #4
        Your Java software is out of date.
        Older versions have security holes that give malware the chance to install itself on your system.
        First follow these steps to uninstall Java and install the newer version:
        • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
        • Close all programs that may be open - especially your web browser!
        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
        • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the latest version of Java.


        Download ATF cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

        Double-click ATF cleaner to start the program.
        On the "Main" tab, put a tick next to Select All.
        Click the Empty Selected button.

        Do the following if you also have Firefox as a browser:
        Click the "Firefox" tab and put a tick next to Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick next to "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also have Opera as a browser:
        Click the "Opera" tab and put a tick next to Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: There must be a space between Combofix and /U.

        This will uninstall Combofix.

        Then I think it should be OK
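        As an added check for the Java uninstall steps in the post above (example script, not part of the original post or of any tool mentioned here), this PowerShell snippet lists every Java runtime still registered in Add or Remove Programs and checks whether the jre1.6.0_03 folder named in the log's SunJavaUpdateSched Run key is gone. It assumes PowerShell is installed, which Vista did not ship with by default.

```powershell
# Added example: verify that "repeat until all older versions are gone" actually
# happened, by reading the same Add or Remove Programs entries the Control Panel shows.
# Assumes PowerShell is available on the machine (not installed by default on Vista).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Only present on 64-bit Windows; the log above is from a 32-bit (x86) machine,
    # so this key is simply skipped there.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# The post says to remove everything with "Java Runtime Environment", "JRE" or "J2SE"
# in its name; match those same names here. The freshly installed 6u5 will also be
# listed, so anything older than it in this output still needs to be removed.
$javaPattern = 'Java Runtime Environment|J2SE|JRE|\bJava\b'

$found = $uninstallKeys |
    ForEach-Object { Get-ChildItem -Path $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Where-Object { $_.DisplayName -match $javaPattern } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString

if (-not $found) {
    Write-Output 'No Java runtimes are registered in Add or Remove Programs.'
} else {
    Write-Output 'Java runtimes still registered:'
    $found | Format-Table -AutoSize
}

# The log's HKLM Run key "SunJavaUpdateSched" pointed at jre1.6.0_03. A leftover
# folder there means the old runtime was not fully removed.
$oldJre = Join-Path $env:ProgramFiles 'Java\jre1.6.0_03'
if (Test-Path $oldJre) {
    Write-Warning "Old runtime folder still present: $oldJre"
} else {
    Write-Output "Old runtime folder $oldJre is gone."
}
```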



        • #5
          hey thanks man, I haven't had any popups so far either, so I think it worked!



          • #6
            You're welcome
