  1. #1
    kevindewachter

    Help wanted: unknown icons on desktop

    I am getting 3 unknown icons on my desktop that I definitely did not install myself. They are these icons: "go to casino", "free online dating" and "find spyware remover". When my PC has started up, a program called "spyware detection alert" also keeps appearing (also never used or installed).

    Here is my log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:24:31, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\TEMP\win3F.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\WINDOWS\lsass .exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\TEMP\win3F .exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\gebywxy.dll
    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9F4A2B45-791C-490E-A4B6-E7336DB15C5D} - (no file)
    O2 - BHO: (no name) - {A25E2CD2-A51C-4B4B-861F-30E70CEE923F} - C:\WINDOWS\system32\ddaya.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3F .exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvloj.dll,startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O20 - Winlogon Notify: gebywxy - C:\WINDOWS\SYSTEM32\gebywxy.dll
    O20 - Winlogon Notify: winhdn32 - C:\WINDOWS\SYSTEM32\winhdn32.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 6897 bytes

  2. #2
    Rosty
    Hello,

    you have caught the newest form of Vundo!!

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

  3. The following user thanks Rosty for this useful post:

    kevindewachter (6 January 2008)

  4. #3
    kevindewachter
    First of all, thanks for the quick reply.

    Here is the combofix log:

    ComboFix 08-01-06.4 - kevin 2008-01-06 10:37:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.613 [GMT 1:00]
    Gestart vanuit: D:\downloads\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    ADS - svchost.exe: deleted 51712 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\kevin\Bureaublad\Find Spyware Remover.lnk
    C:\Documents and Settings\kevin\Bureaublad\Free Online Dating.lnk
    C:\Documents and Settings\kevin\Bureaublad\Go to Casino.lnk
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\Helper9.dll
    C:\Program Files\Helper\superfinderusa.dll
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\lsass.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\smss.exe
    C:\Program Files\spoolsv.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\lsass .exe
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\ayadd.ini
    C:\WINDOWS\system32\ayadd.ini2
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\ddaya.exe
    C:\WINDOWS\system32\drivers\GLP52.sys
    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\drvlojr.dll
    C:\WINDOWS\system32\drvnemr.dll
    C:\WINDOWS\system32\efcyvvw.dll
    C:\WINDOWS\system32\gebywxy.dll
    C:\WINDOWS\system32\ttvwa.ini2
    C:\WINDOWS\system32\urqrspq.dll
    C:\WINDOWS\system32\winhdn32.dll
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\TEMP\win3F .exe
    C:\WINDOWS\xpupdate .exe
    C:\WINDOWS\xpupdate.exe

    Code:
     <pre>
    "C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe" replaces infected copy of "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe" replaces infected copy of "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    "C:\WINDOWS\xpupdate .exe" moved to QooBox
    "C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
    </pre>
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FCI
    -------\LEGACY_GLP52
    -------\FCI


    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 10:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 10:17 . 2008-01-06 10:17 104,448 --a------ C:\WINDOWS\system32\drvloj.dll
    2008-01-06 01:00 . 2008-01-06 01:00 29 --a------ C:\WINDOWS\system32\rtuepgdo.tmp
    2008-01-05 12:22 . 2008-01-05 12:22 <DIR> dr-h----- C:\Documents and Settings\kevin\Onlangs geopend
    2008-01-05 12:13 . 2008-01-05 12:13 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2008-01-05 12:11 . 2008-01-05 12:11 58,368 --a------ C:\itqrga.exe
    2008-01-05 12:11 . 2008-01-05 12:11 2 --a------ C:\410286059
    2008-01-05 12:11 . 2008-01-05 12:11 0 --a------ C:\Install
    2008-01-05 11:44 . 2008-01-05 11:44 253,440 --a------ C:\WINDOWS\system32\ndt2.sys
    2008-01-05 11:44 . 2008-01-05 11:44 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
    2008-01-05 11:44 . 2008-01-05 11:44 32,256 --a------ C:\WINDOWS\system32\routing.exe
    2008-01-05 11:44 . 2008-01-05 11:44 40 --a------ C:\WINDOWS\system32\drmgs.sys
    2008-01-05 11:39 . 2008-01-05 11:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
    2007-12-26 18:22 . 2007-12-26 18:22 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-12-26 18:20 . 2007-12-26 18:20 22,328 --a------ C:\Documents and Settings\kevin\Application Data\PnkBstrK.sys
    2007-12-26 18:20 . 2007-12-26 18:20 277 --a------ C:\WINDOWS\game.ini
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\WINDOWS\system32\Futuremark
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d--h----- C:\WINDOWS\PIF
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\InstallShield
    2007-12-26 18:00 . 2007-12-26 18:00 <DIR> d-------- C:\Downloads
    2007-12-21 15:47 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\MagicDisc
    2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
    2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
    2007-12-18 16:02 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\RAM Def XT
    2007-12-17 17:59 . 2007-12-17 17:59 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2007-12-17 17:59 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2007-12-11 22:36 . 2007-12-11 22:36 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
    2007-12-11 22:36 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 10:44 . 2007-12-09 10:44 230,424 --a------ C:\img2-001.raw
    2007-12-09 10:42 . 2007-04-25 15:36 835,584 --a------ C:\WINDOWS\vsnp325(2).exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 09:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 10:42 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
    2008-01-04 11:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-28 09:46 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
    2007-12-26 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-12-17 16:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-21 21:14 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 11:14 --------- d-----w C:\Program Files\MOBILedit!
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
    C:\Program Files\Outerinfo\Outerinfo.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-06 10:23 131072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 10:23 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 10:23 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
    "License"="locker.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-04 04:00]
    R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-01-05 11:44]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
    S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
    S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-04 16:35:42 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 10:40:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 10:41:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-06 09:41:29
    .
    2007-12-26 22:52:23 --- E O F ---

    Here is my log again:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:43:29, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5782 bytes

  5. #4
    Rosty
    Hi,

    thanks for the logs.

    Open HijackThis, click on do a scan only and place a check mark in front of the following lines:

    O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
    O4 - HKLM\..\Run: [License] locker.exe

    Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

    Using Windows Explorer, delete the following file (if still present):
    C:\WINDOWS\locker.exe

    After that,
    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


    File::
    C:\WINDOWS\system32\drvloj.dll
    C:\WINDOWS\system32\rtuepgdo.tmp
    C:\itqrga.exe
    C:\410286059
    C:\WINDOWS\system32\ndt2.sys
    C:\WINDOWS\system32\Indt2.sys
    C:\WINDOWS\system32\drmgs.sys
    C:\WINDOWS\system32\routing.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]


    Save this to your Desktop as CFScript.

    Drag CFScript into ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Restart again if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Also let me know how everything is working.

  6. The following user thanks Rosty for this useful post:

    kevindewachter (6 January 2008)

  7. #5
    kevindewachter
    The file C:\WINDOWS\locker.exe could no longer be found at that location after your HijackThis instructions. The PC has not been restarted, though, and I posted the logs without rebooting again. As far as I can tell everything works normally again and faster than before. But you are the expert; maybe you can still find a few small errors in the log files :-)

    Here then is my new combofix log:

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 10:12 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-01-06 10:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-01-06 09:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(3).exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(2).exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
    2008-01-05 10:42 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
    2007-12-28 09:46 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
    2007-12-26 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-12-17 16:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp(2)(2).dll
    2007-11-24 14:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-21 21:14 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-11-21 21:14 359,808 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
    2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 11:14 --------- d-----w C:\Program Files\MOBILedit!
    2007-11-04 04:13 57,670 ----a-w C:\WINDOWS\system32\Fix.bat
    2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\wininet(2)(2).dll
    2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-11 06:14 616,960 ----a-w C:\WINDOWS\system32\urlmon(2)(2).dll
    2007-10-11 06:14 616,960 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-11 06:14 474,624 ----a-w C:\WINDOWS\system32\shlwapi(2)(2).dll
    2007-10-11 06:14 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw(2)(2).dll
    2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:14 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-06 10:23 131072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 10:23 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 10:23 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-04 04:00]
    R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
    R3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
    R3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-04 16:35:42 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 12:06:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 12:06:36
    ComboFix-quarantined-files.txt 2008-01-06 11:06:28
    ComboFix2.txt 2008-01-06 09:41:37
    .
    2007-12-26 22:52:23 --- E O F ---

    Here is my HijackThis log:

    C:\WINDOWS\system32\notepad.exe
    D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5620 bytes
    Last edited by kevindewachter; 6 January 2008 at 13:15

  8. #6
    Spyware Slayer   Rosty
    Hi Kevin,

    both logs, ComboFix and HijackThis, are incomplete!!! Can you post them again, if need be in a separate post!?

  9. #7
    Advanced   kevindewachter
    My apologies for that:
    ComboFix:

    ComboFix 08-01-06.4 - kevin 2008-01-06 12:05:21.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.726 [GMT 1:00]
    Gestart vanuit: D:\downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kevin\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\410286059
    C:\itqrga.exe
    C:\WINDOWS\system32\drmgs.sys
    C:\WINDOWS\system32\drvloj.dll
    C:\WINDOWS\system32\Indt2.sys
    C:\WINDOWS\system32\ndt2.sys
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\rtuepgdo.tmp
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\410286059
    C:\itqrga.exe
    C:\WINDOWS\system32\drmgs.sys
    C:\WINDOWS\system32\drvloj.dll
    C:\WINDOWS\system32\Indt2.sys
    C:\WINDOWS\system32\ndt2.sys
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\rtuepgdo.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 11:12 . 2008-01-06 11:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-01-06 10:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-05 12:22 . 2008-01-06 12:04 <DIR> dr-h----- C:\Documents and Settings\kevin\Onlangs geopend
    2008-01-05 12:13 . 2008-01-05 12:13 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
    2008-01-05 12:11 . 2008-01-05 12:11 0 --a------ C:\Install
    2008-01-05 11:39 . 2008-01-05 11:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
    2007-12-26 18:22 . 2007-12-26 18:22 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-12-26 18:20 . 2007-12-26 18:20 22,328 --a------ C:\Documents and Settings\kevin\Application Data\PnkBstrK.sys
    2007-12-26 18:20 . 2007-12-26 18:20 277 --a------ C:\WINDOWS\game.ini
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\WINDOWS\system32\Futuremark
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d--h----- C:\WINDOWS\PIF
    2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\InstallShield
    2007-12-26 18:00 . 2007-12-26 18:00 <DIR> d-------- C:\Downloads
    2007-12-21 15:47 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\MagicDisc
    2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
    2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
    2007-12-18 16:02 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\RAM Def XT
    2007-12-17 17:59 . 2007-12-17 17:59 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2007-12-17 17:59 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2007-12-11 22:36 . 2007-12-11 22:36 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
    2007-12-11 22:36 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 10:44 . 2007-12-09 10:44 230,424 --a------ C:\img2-001.raw
    2007-12-09 10:42 . 2007-04-25 15:36 835,584 --a------ C:\WINDOWS\vsnp325(2).exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 10:12 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-01-06 10:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-01-06 09:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(3).exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(2).exe
    2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
    2008-01-05 10:42 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
    2007-12-28 09:46 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
    2007-12-26 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-12-17 16:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp(2)(2).dll
    2007-11-24 14:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-21 21:14 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-11-21 21:14 359,808 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
    2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 11:14 --------- d-----w C:\Program Files\MOBILedit!
    2007-11-04 04:13 57,670 ----a-w C:\WINDOWS\system32\Fix.bat
    2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\wininet(2)(2).dll
    2007-10-11 06:14 662,528 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-11 06:14 616,960 ----a-w C:\WINDOWS\system32\urlmon(2)(2).dll
    2007-10-11 06:14 616,960 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-11 06:14 474,624 ----a-w C:\WINDOWS\system32\shlwapi(2)(2).dll
    2007-10-11 06:14 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw(2)(2).dll
    2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:14 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-06 10:23 131072]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 10:23 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 10:23 155648]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-04 04:00]
    R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
    R3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
    R3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-04 16:35:42 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 12:06:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 12:06:36
    ComboFix-quarantined-files.txt 2008-01-06 11:06:28
    ComboFix2.txt 2008-01-06 09:41:37
    .
    2007-12-26 22:52:23 --- E O F ---

    hijack log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:54:26, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\routing.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5942 bytes

  10. #8
    Spyware Slayer   Rosty
    That looks good.
    Any problems left?

  12. #9
    Advanced   kevindewachter
    Quote: Originally posted by Rosty
    That looks good.
    Any problems left?
    No, no problems at all. Even more got solved than what I asked about. When I started my PC I only had sound from one speaker; I then had to plug in my headset for a moment and after that it worked. Now it starts up and I have sound from both speakers. I don't know whether that has anything to do with this problem, but in any case many thanks for all the help.

    Regards, Kevin

  13. #10
    Spyware Slayer   Rosty
    Good to hear.

    Now we are going to uninstall ComboFix:

    You can uninstall ComboFix like this:

    Go to Start -> Run
    Type: ComboFix /U and press OK.

    You now also have a new system restore point.
