View full version: vundo remnants



kevindewachter
13 January 2008, 21:26
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:25:02, on 13-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A1D03FA-E7BC-4068-8FC1-4C43E58954AA} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2C246E9-3041-4D21-8F2D-B451593E19A8} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6326 bytes

Rosty
13 January 2008, 22:01
Hi,

From now on, please use this version of HJT: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
After installation you may remove your previous version!!

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix has finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

kevindewachter
13 January 2008, 23:27
Here is the ComboFix log:

ComboFix 08-01-14.1 - kevin 2008-01-13 22:22:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.704 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\kevin\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.exe
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\RCX13.TMP


<pre>
C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe ---> NeroCheck.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe ---> NVMixerTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe ---> SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
</pre>
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
.

2008-01-13 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 19:21 . 2008-01-13 19:21 100 --a------ C:\WINDOWS\wininit.ini
2008-01-13 12:57 . 2008-01-13 09:54 253,952 --a------ C:\WINDOWS\system32\NDT2.SYS
2008-01-13 12:57 . 2004-08-04 04:00 32,256 --a------ C:\WINDOWS\system32\PERFS.EXE
2008-01-13 09:56 . 2008-01-13 09:56 277 --a------ C:\WINDOWS\game.ini
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\PlayFirst
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-11 15:42 . 2008-01-11 15:42 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2008-01-09 22:45 . 2008-01-09 22:45 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 18:39 . 2008-01-09 18:39 <DIR> d-------- C:\Documents and Settings\kevin\LimeWire Store Purchased
2008-01-06 12:30 . 2008-01-14 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\SUPERAntiSpyware.com
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 12:30 . 2008-01-06 12:30 32,256 --a------ C:\WINDOWS\system32\routing.exe
2008-01-06 12:29 . 2008-01-06 12:29 40 --a------ C:\WINDOWS\system32\drmgs.sys
2008-01-06 11:12 . 2008-01-13 10:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 12:22 . 2008-01-13 11:03 <DIR> dr-h----- C:\Documents and Settings\kevin\Onlangs geopend
2008-01-05 12:13 . 2008-01-05 12:13 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-01-05 12:11 . 2008-01-05 12:11 0 --a------ C:\Install
2008-01-05 11:39 . 2008-01-05 11:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-26 18:22 . 2007-12-26 18:22 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-26 18:20 . 2008-01-13 09:57 22,328 --a------ C:\Documents and Settings\kevin\Application Data\PnkBstrK.sys
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\InstallShield
2007-12-26 18:00 . 2007-12-26 18:00 <DIR> d-------- C:\Downloads
2007-12-21 15:47 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\MagicDisc
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-18 16:02 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\RAM Def XT
2007-12-17 17:59 . 2007-12-17 17:59 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-17 17:59 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 21:23 --------- d-----w C:\Program Files\QuickTime
2008-01-13 12:00 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-09 17:39 --------- d-----w C:\Program Files\LimeWire
2008-01-09 17:38 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
2008-01-06 11:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-11 21:36 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-13 20:24 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-13 20:24 131072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-13 20:24 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-13 20:24 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2004-08-04 04:00]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-01-06 12:30]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:18:55 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 22:24:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-14 22:26:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 21:25:55
ComboFix2.txt 2008-01-06 11:06:37
.
2008-01-09 21:46:16 --- E O F ---


Here follows the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:27, on 14-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\setup files\programmas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5765 bytes

Rosty
14 January 2008, 18:51
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\NDT2.SYS
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\PERFS.EXE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\drmgs.sys


Save this to your Desktop as CFScript.

Drag CFScript into ComboFix.exe as shown in the example below:


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart.
Reboot if asked to,
and post the contents of Combofix.txt in your next reply.

kevindewachter
14 January 2008, 19:11
Here is my ComboFix log after your instructions:

ComboFix 08-01-14.1 - kevin 2008-01-15 18:07:39.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.598 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\kevin\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\kevin\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\NDT2.SYS
C:\WINDOWS\system32\PERFS.EXE
C:\WINDOWS\system32\routing.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\NDT2.SYS
C:\WINDOWS\system32\PERFS.EXE
C:\WINDOWS\system32\routing.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))
.

2008-01-13 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 19:21 . 2008-01-13 19:21 100 --a------ C:\WINDOWS\wininit.ini
2008-01-13 09:56 . 2008-01-13 09:56 277 --a------ C:\WINDOWS\game.ini
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\PlayFirst
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-09 18:39 . 2008-01-09 18:39 <DIR> d-------- C:\Documents and Settings\kevin\LimeWire Store Purchased
2008-01-06 12:30 . 2008-01-14 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\SUPERAntiSpyware.com
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 11:12 . 2008-01-13 10:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 12:22 . 2008-01-15 18:07 <DIR> dr-h----- C:\Documents and Settings\kevin\Onlangs geopend
2008-01-05 12:13 . 2008-01-05 12:13 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-01-05 12:11 . 2008-01-05 12:11 0 --a------ C:\Install
2008-01-05 11:39 . 2008-01-05 11:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-26 18:22 . 2007-12-26 18:22 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-26 18:20 . 2008-01-13 09:57 22,328 --a------ C:\Documents and Settings\kevin\Application Data\PnkBstrK.sys
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\InstallShield
2007-12-26 18:00 . 2007-12-26 18:00 <DIR> d-------- C:\Downloads
2007-12-21 15:47 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\MagicDisc
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-18 16:02 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\RAM Def XT
2007-12-17 17:59 . 2007-12-17 17:59 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-17 17:59 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 22:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 21:23 --------- d-----w C:\Program Files\QuickTime
2008-01-13 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-09 17:39 --------- d-----w C:\Program Files\LimeWire
2008-01-09 17:38 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
2008-01-06 11:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-11 21:36 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
.

((((((((((((((((((((((((((((( snapshot@2008-01-14_22.25.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 21:22:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 17:07:30 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 21:22:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 17:07:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 21:22:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 17:07:30 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 21:22:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 17:07:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 21:22:05 3,928,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 17:07:30 3,928,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 21:22:05 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 17:07:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 12:00:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-01-14 22:06:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-13 20:24 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-13 20:24 131072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-13 20:24 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-13 20:24 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
S2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe []
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:18:55 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:09:49
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-15 18:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 17:10:33
ComboFix2.txt 2008-01-14 21:26:03
ComboFix3.txt 2008-01-06 11:06:37
.
2008-01-09 21:46:16 --- E O F ---

Rosty
14 January 2008, 19:25
Hi,

Could you look up the WININIT.INI file and then view it by opening it in Notepad? Post the result here in your next post.

kevindewachter
14 January 2008, 19:26
Hi,

Could you look up the WININIT.INI file and then view it by opening it in Notepad? Post the result here in your next post.


This is what that text file contains:

[rename]
c:\tempjunk3893.tmp=C:\WINDOWS\system32\ddaya.dll_tobedeleted
nul=c:\tempjunk3893.tmp

Rosty
14 January 2008, 19:51
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\wininit.ini

Drivers::
perfmons
Routing


Save this to your Desktop as CFScript.

Drag CFScript onto ComboFix.exe as shown in the example below:


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply.

kevindewachter
14 January 2008, 23:03
New ComboFix log after the latest instructions:

ComboFix 08-01-14.1 - kevin 2008-01-15 22:00:42.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.718 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\kevin\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\kevin\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\wininit.ini
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\wininit.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))
.

2008-01-13 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 09:56 . 2008-01-13 09:56 277 --a------ C:\WINDOWS\game.ini
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\PlayFirst
2008-01-12 12:22 . 2008-01-12 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-09 18:39 . 2008-01-09 18:39 <DIR> d-------- C:\Documents and Settings\kevin\LimeWire Store Purchased
2008-01-06 12:30 . 2008-01-14 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\SUPERAntiSpyware.com
2008-01-06 12:30 . 2008-01-06 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 11:12 . 2008-01-13 10:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 12:22 . 2008-01-15 22:00 <DIR> dr-h----- C:\Documents and Settings\kevin\Onlangs geopend
2008-01-05 12:13 . 2008-01-05 12:13 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-01-05 12:11 . 2008-01-05 12:11 0 --a------ C:\Install
2008-01-05 11:39 . 2008-01-05 11:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-01-04 13:20 . 2008-01-04 13:20 2 --a------ C:\WINDOWS\uid.tmp
2007-12-26 18:22 . 2007-12-26 18:22 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-26 18:20 . 2008-01-13 09:57 22,328 --a------ C:\Documents and Settings\kevin\Application Data\PnkBstrK.sys
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-26 18:01 . 2007-12-26 18:01 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\InstallShield
2007-12-26 18:00 . 2007-12-26 18:00 <DIR> d-------- C:\Downloads
2007-12-21 15:47 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\MagicDisc
2007-12-19 15:19 . 2007-12-19 15:19 38,400 --a------ C:\WINDOWS\wl.exe
2007-12-19 15:13 . 2007-12-19 15:13 73,216 --a------ C:\WINDOWS\WinLockDll.dll
2007-12-18 16:02 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\RAM Def XT
2007-12-17 17:59 . 2007-12-17 17:59 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-17 17:59 . 2007-12-26 18:02 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 17:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-14 22:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 21:23 --------- d-----w C:\Program Files\QuickTime
2008-01-13 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-09 17:39 --------- d-----w C:\Program Files\LimeWire
2008-01-09 17:38 --------- d-----w C:\Documents and Settings\kevin\Application Data\uTorrent
2008-01-06 11:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(3).exe
2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\svchost(2).exe
2008-01-05 11:11 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-26 17:01 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-19 13:37 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-11 21:36 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp(2)(2).dll
2007-11-24 14:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-21 20:59 --------- d-----w C:\Program Files\uTorrent
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-14_22.25.46.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 21:22:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 21:00:39 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 21:22:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 21:00:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 21:22:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 21:00:39 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 21:22:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 21:00:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 21:22:05 3,928,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 21:00:40 3,928,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 21:22:05 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 21:00:40 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-13 20:24 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-13 20:24 131072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-13 20:24 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-13 20:24 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-01-05 12:11]
S2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe []
S2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2000-10-23 18:04]
S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2001-10-15 12:22]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 11:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 17:03:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:18:55 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:01:45
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-15 22:02:09
ComboFix-quarantined-files.txt 2008-01-15 21:02:01
ComboFix2.txt 2008-01-15 17:10:41
ComboFix3.txt 2008-01-14 21:26:03
ComboFix4.txt 2008-01-06 11:06:37
.
2008-01-09 21:46:16 --- E O F ---

Rosty
15 January 2008, 06:52
How is everything working now?

kevindewachter
15 January 2008, 19:09
How is everything working now?

I scanned with SUPERAntiSpyware and it still finds this "trojan vundo/ variant installer". I did let it remove it and then I rebooted. During startup, though, I do not get a menu offering safe mode like I did at the beginning, when I first contacted you. One more small thing has come up: I no longer have sound in my web browsers (Internet Explorer and Mozilla Firefox). My volume in the mixer is turned up and mute is NOT checked. The only thing that has disappeared is the speaker at the bottom right of the taskbar. Apart from that I have sound through Winamp, and I also have sound in all my games.

Rosty
15 January 2008, 20:06
Hi,

Take a look in the Control Panel under Sounds and Audio Devices!! Check whether everything there is still set correctly.

kevindewachter
15 January 2008, 23:09
Hi,

Take a look in the Control Panel under Sounds and Audio Devices!! Check whether everything there is still set correctly.

I think that is all set correctly. The volume is at 75%, mute is unchecked, and the option to place the sound icon in the system tray is checked. The hardware has also been tested and works correctly. Still, the little speaker is not at the bottom right of the taskbar, even when I click that small arrow. I also still have no sound in my browsers. When I empty my recycle bin there is no sound either, and none when the PC starts up, so I think something is wrong with the Windows sounds. I also ran another scan with SUPERAntiSpyware and no Vundo was found any more, so I think it has been removed completely.

I have also added another HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:23, on 16-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\MSN Messenger\livecall.exe
D:\setup files\programmas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5796 bytes

Rosty
16 January 2008, 20:46
Is the Windows default sounds option checked? Under sound scheme!!

http://img341.imageshack.us/img341/4185/naamloosym0.th.png (http://img341.imageshack.us/my.php?image=naamloosym0.png)

kevindewachter
16 January 2008, 20:57
Is the Windows default sounds option checked? Under sound scheme!!

http://img341.imageshack.us/img341/4185/naamloosym0.th.png (http://img341.imageshack.us/my.php?image=naamloosym0.png)


Hey, good evening,

Yep, Windows default is checked!!

Rosty
16 January 2008, 21:14
Hi,

I really don't see anything in your log!!
Maybe put your problem to them here: http://www.minatica.be/forumdisplay.php?f=189

kevindewachter
16 January 2008, 21:22
Hi,

I really don't see anything in your log!!
Maybe put your problem to them here: http://www.minatica.be/forumdisplay.php?f=189

In any case, many thanks for helping to remove Vundo. How does one actually get something like this?

Thanks!!!:bow::bow::bow::bow:

Rosty
17 January 2008, 20:50
In any case, many thanks for helping to remove Vundo. How does one actually get something like this?

Thanks!!!:bow::bow::bow::bow:

By downloading from bad sites, copying something over from a USB stick or CD with infected files, and so on.

We are still going to remove ComboFix, though!!

You can uninstall ComboFix like this:

Go to Start -> Run
Type: ComboFix /U and press OK.

You now also have a new system restore point.

kevindewachter
17 January 2008, 23:04
By downloading from bad sites, copying something over from a USB stick or CD with infected files, and so on.

We are still going to remove ComboFix, though!!

You can uninstall ComboFix like this:

Go to Start -> Run
Type: ComboFix /U and press OK.

You now also have a new system restore point.

Oh, it's done, thank you :bow::bow::good: