  • Internet Explorer

    I have had a problem with Internet Explorer for a few days. When I use Internet Explorer for about 5 minutes, it says that it is no longer responding, closes, and then starts up again. If I close it using the X button, it reports that it is no longer responding and will be closed; if you then click Cancel, you get an error.
    Here are a few screenshots:

    http://img219.imageshack.us/my.php?image=num1fe7.jpg
    http://img134.imageshack.us/my.php?image=num2jd3.jpg
    http://img225.imageshack.us/my.php?image=num3tz3.jpg

    When I use Firefox I don't have this problem. I have Windows Vista and use the latest Norton as my scanner.
    I hope someone can help me get rid of this, because it is quite annoying: when you go to your mail via MSN, it still uses IE.
    The Google toolbar has since been uninstalled via the Control Panel.
    My little sister had downloaded something via Limewire; when it was opened, a few strange programs were installed, which I have since removed. Norton also reported a Trojan at that point.

    Here is my Hijack log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:45, on 10-3-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11147 bytes

  • #2
    Hello and welcome,

    I'll take a look for you.

    Starting Windows 10 in Safe Mode



    • #3
      Right-click the HijackThis program and choose "Run as administrator"
      Choose 'Do a system scan only'
      Select only the items listed below:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

      Close all windows except HijackThis
      Click 'Fix checked' to remove the items.


      * Download Malwarebytes' Anti-Malware from here or here.

      Double-click mbam-setup.exe to install the program.
      • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
      • If an update is found, it will download it and install the latest version.
      • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
      • The scan can take a while, so be patient.
      • When the scan is complete, click OK, then "Show Results" to view the results.
      • Make sure everything there is checked, then click: Remove Selected.
      • After removal, a log will open and you will be asked to restart the computer. (See the extra note below)
      • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
      • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

      Extra note:
      If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.



      • #4
        The problem has since been solved by resetting the IE settings.



        • #5
          Well done, but may I still ask for a freshly made HJT log?



          • #6
            I removed those lines with HijackThis, only the Yahoo toolbar was no longer listed. I also scanned with Malwarebytes; here is the log from that:

            Malwarebytes' Anti-Malware 1.08
            Database versie: 493

            Scan type: Snelle Scan
            Objecten gescand: 32796
            Verstreken tijd: 3 minute(s), 29 second(s)

            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 0
            Registersleutels geïnfecteerd: 1
            Registerwaarden geïnfecteerd: 0
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 0

            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Geheugenmodulen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registersleutels geïnfecteerd:
            HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

            Registerwaarden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)


            Hijack this log.

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 20:55:45, on 10-3-2008
            Platform: Windows Vista (WinNT 6.00.1904)
            MSIE: Internet Explorer v7.00 (7.00.6000.16609)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\RtHDVCpl.exe
            C:\Acer\Empowering Technology\SysMonitor.exe
            C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
            C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Windows\ehome\ehtray.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
            C:\Windows\ehome\ehmsas.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
            C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
            C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
            C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
            C:\Windows\System32\mobsync.exe
            C:\Windows\system32\conime.exe
            C:\Windows\explorer.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Program Files\Xfire\xfire.exe
            C:\Program Files\Xfire\xfire.exe
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Internet Explorer\IEUser.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
            O1 - Hosts: ::1 localhost
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
            O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
            O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
            O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
            O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
            O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
            O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
            O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
            O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
            O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
            O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
            O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Empowering Technology Launcher.lnk = ?
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O13 - Gopher Prefix:
            O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
            O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
            O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
            O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
            O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
            O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
            O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

            --
            End of file - 11147 bytes



            • #7
              Right-click the HijackThis program and choose "Run as administrator"
              Choose 'Do a system scan only'
              Select only the items listed below:

              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

              Close all windows except HijackThis
              Click 'Fix checked' to remove the items.

              Open Explorer ("My Computer") and choose Tools -> Folder Options...
              Under View, check the following settings:

              Turn off: Hide protected operating system files (Recommended)
              Turn off: Hide extensions for known file types

              Select: Display the contents of system folders (XP only)
              Select: Show hidden files and folders

              Then click Apply followed by OK.

              Delete the following files:
              C:\Windows\system32\certen.dll

              How is the PC doing now?

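The fix lists in posts #3 and #7 pick out a handful of entries from a long HijackThis log. As an added example (not code from the thread or from HijackThis), this sketch parses log entries into fields and flags the ones worth a manual look. The three review rules are assumptions chosen for illustration, not the helper's stated criteria; a flag means "inspect", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Subset of lines copied unchanged from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections whose body is "<kind>: <name> - {CLSID} - <file>".
CLSID_SECTIONS = {"R3", "O2", "O3", "O9"}


@dataclass
class Entry:
    code: str            # section code such as R0, O2, O23
    body: str            # everything after "<code> - "
    name: str = ""       # registry value name or display name
    clsid: str = ""      # COM class id, when the section carries one
    target: str = ""     # registry data or file path
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(code=m.group(1), body=m.group(2).strip())
    if entry.code in ("R0", "R1"):
        # "<key>,<value name> = <data>"; the data may be empty.
        key, _, value = entry.body.partition(" =")
        entry.name, entry.target = key.strip(), value.strip()
    elif entry.code in CLSID_SECTIONS:
        g = CLSID_RE.search(entry.body)
        if g:
            # Split around the CLSID so names containing " - " survive.
            label = entry.body[:g.start()].rstrip(" -")
            entry.name = label.partition(": ")[2] or label
            entry.clsid = g.group(0)
            entry.target = entry.body[g.end():].lstrip(" -")
    return entry


def review_reasons(entry):
    """Illustrative review rules (assumptions, see lead-in)."""
    reasons = []
    if entry.target == "(no file)":
        # HijackThis could not find the file the registry entry refers to.
        reasons.append("orphaned")
    if entry.code in ("R0", "R1") and entry.target == "":
        reasons.append("empty-value")
    if (entry.code == "O2" and entry.name == "(no name)"
            and "\\windows\\system32\\" in entry.target.lower()):
        reasons.append("unnamed-bho-system32")
    return reasons


def triage(log_text):
    """Return the parsed entries that match at least one review rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry.reasons = review_reasons(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<3} {', '.join(e.reasons):<22} {e.body}")
```
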


              • #8
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

                These lines have been removed. Only I don't see that Yahoo toolbar line in the scan. The file certen.dll does not exist. There is, however, a file there called certenc.dl.
                Otherwise no problems with the PC.



                • #9
                  Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

                  If you use Vista, the Recovery Console does not need to be installed.
                  If anything is unclear, just ask.
                  When the tool is finished, a log file opens (C:\combofix.txt).
                  Post the contents of this file together with a new HijackThis log.



                  • #10
                    HijackThis:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 20:55:45, on 10-3-2008
                    Platform: Windows Vista (WinNT 6.00.1904)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                    Boot mode: Normal

                    Running processes:
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\system32\Dwm.exe
                    C:\Windows\RtHDVCpl.exe
                    C:\Acer\Empowering Technology\SysMonitor.exe
                    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
                    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
                    C:\Program Files\Windows Sidebar\sidebar.exe
                    C:\Windows\ehome\ehtray.exe
                    C:\Program Files\Windows Media Player\wmpnscfg.exe
                    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                    C:\Windows\ehome\ehmsas.exe
                    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
                    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
                    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
                    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
                    C:\Windows\System32\mobsync.exe
                    C:\Windows\system32\conime.exe
                    C:\Windows\explorer.exe
                    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                    C:\Program Files\Xfire\xfire.exe
                    C:\Program Files\Xfire\xfire.exe
                    C:\Windows\SYSTEM32\WISPTIS.EXE
                    C:\Program Files\Mozilla Firefox\firefox.exe
                    C:\Program Files\Internet Explorer\IEUser.exe
                    C:\Windows\system32\SearchFilterHost.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                    O1 - Hosts: ::1 localhost
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                    O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
                    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
                    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
                    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
                    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
                    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
                    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
                    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
                    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
                    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O13 - Gopher Prefix:
                    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
                    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
                    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
                    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

                    --
                    End of file - 11147 bytes




                    ComboFix



                    ComboFix 08-03-14.4 - Fam. Hoogervorst 2008-03-15 18:47:28.1 - NTFSx86
                    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1897 [GMT 1:00]
                    Gestart vanuit: C:\Users\Fam. Hoogervorst\Downloads\ComboFix.exe
                    * Nieuw herstelpunt werd aangemaakt
                    .

                    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
                    .

                    Geen nieuwe bestanden aangemaakt in deze periode

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-03-15 17:09 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Xfire
                    2008-03-15 16:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
                    2008-03-15 16:47 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
                    2008-03-15 16:04 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Malwarebytes
                    2008-03-15 16:04 --------- d-----w C:\ProgramData\Malwarebytes
                    2008-03-15 16:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
                    2008-03-15 10:44 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\LimeWire
                    2008-03-15 07:52 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
                    2008-03-14 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-03-14 17:02 --------- d-----w C:\Program Files\EA GAMES
                    2008-03-14 15:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
                    2008-03-14 15:52 --------- d-----w C:\Program Files\Java
                    2008-03-14 13:01 --------- d-----w C:\ProgramData\Symantec
                    2008-03-13 18:39 --------- d-----w C:\ProgramData\Lavasoft
                    2008-03-13 18:38 --------- d-----w C:\Program Files\Lavasoft
                    2008-03-13 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                    2008-03-13 15:33 --------- d-----w C:\Program Files\Windows Mail
                    2008-03-13 15:32 --------- d-----w C:\ProgramData\Microsoft Help
                    2008-03-11 14:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                    2008-03-10 19:55 --------- d-----w C:\Program Files\Trend Micro
                    2008-03-10 19:34 --------- d-----w C:\Program Files\Google
                    2008-03-10 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
                    2008-03-09 08:31 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Zylom
                    2008-03-08 07:52 --------- d-----w C:\ProgramData\Zylom
                    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
                    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
                    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
                    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
                    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
                    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
                    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
                    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
                    2008-03-07 12:17 --------- d-----w C:\ProgramData\Xfire
                    2008-02-26 20:12 --------- d-s---w C:\Program Files\Xfire
                    2008-02-23 18:18 --------- d-----w C:\Program Files\18 WoS Pedal to the Metal
                    2008-02-21 01:57 54,608 ----a-w C:\Windows\System32\xfcodec.dll
                    2008-02-20 11:29 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\U3
                    2008-02-15 20:59 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Fuzzy Games
                    2008-02-13 22:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                    2008-02-13 22:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                    2008-02-13 22:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                    2008-02-13 22:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                    2008-02-13 22:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
                    2008-02-13 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                    2008-02-13 22:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
                    2008-02-13 22:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
                    2008-02-13 22:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
                    2008-02-13 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                    2008-02-13 22:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                    2008-02-13 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                    2008-02-13 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
                    2008-02-13 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
                    2008-02-13 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
                    2008-02-13 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
                    2008-02-13 22:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
                    2008-02-13 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
                    2008-02-13 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
                    2008-02-13 22:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
                    2008-02-13 22:02 824,832 ----a-w C:\Windows\System32\wininet.dll
                    2008-02-13 22:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
                    2008-02-13 22:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
                    2008-02-13 22:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
                    2008-02-12 15:28 --------- d-----w C:\Program Files\Norton Internet Security
                    2008-02-06 09:45 --------- d-----w C:\Program Files\LimeWire
                    2008-02-05 14:33 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\AdobeUM
                    2008-02-03 18:56 --------- d-----w C:\ProgramData\Logishrd
                    2008-02-03 18:56 --------- d-----w C:\Program Files\Picasa2
                    2008-02-03 18:56 --------- d-----w C:\Program Files\Microsoft Works
                    2008-02-03 18:56 --------- d-----w C:\Program Files\Common Files\LogiShrd
                    2008-02-03 14:53 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Samsung
                    2008-02-03 14:44 --------- d-----w C:\ProgramData\Logitech
                    2008-02-03 14:44 --------- d-----w C:\Program Files\Logitech
                    2008-02-03 13:51 --------- d-----w C:\Program Files\Samsung
                    2008-02-02 17:18 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
                    2008-02-02 17:14 22,328 ----a-w C:\Users\Fam. Hoogervorst\AppData\Roaming\PnkBstrK.sys
                    2008-02-02 16:58 --------- d-----w C:\Program Files\Activision
                    2008-01-22 15:31 --------- d-----w C:\Program Files\Teach2000
                    2008-01-21 22:18 --------- d-----w C:\Program Files\DivX
                    2008-01-18 16:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
                    2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
                    2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
                    2008-01-10 07:41 11,776 ----a-w C:\Windows\System32\sbunattend.exe
                    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
                    2007-12-12 22:26 174 --sha-w C:\Program Files\desktop.ini
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
                    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
                    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:41 1232896]
                    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Acer Tour"=""
                    "eRecoveryService"=""
                    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-12 22:59 1006264]
                    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
                    "Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
                    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
                    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
                    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
                    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
                    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
                    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
                    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
                    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
                    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
                    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
                    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
                    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
                    "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

                    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
                    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 21:28:25 528384]

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                    "UacDisableNotify"=dword:00000001
                    "InternetSettingsDisableNotify"=dword:00000001
                    "AutoUpdateDisableNotify"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001

                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                    "{20415DD2-3993-4AE4-9FE6-74AE0F20AAB3}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
                    "{0794A8CE-B631-4B5E-86F4-4C02AD148390}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
                    "{DFAD2593-1AA6-48DC-9D20-B08966C5C813}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
                    "{7A9CE1EA-2396-41FD-997F-849BB8D76F56}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
                    "{7B53CD19-58C3-46A3-8DCA-0C28FE714C22}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
                    "{5E314730-7F91-4291-A008-019D38479373}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
                    "{0DD82BC9-687A-460A-82D3-46FA338528AA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
                    "{DA27D130-3A31-4E3A-B19C-0FFDB864BB05}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
                    "{6AC89EBE-8C6A-478A-A83B-3A497569F2F1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
                    "{15F98176-D853-42C8-8930-8EE02C0E943C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
                    "{68537384-E21A-48F0-86FE-B13402A0E979}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
                    "{F148EC8C-8FAC-4AC8-8962-F5966D7F344E}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
                    "{EDCE3643-5315-4BD1-8365-020C4354A4F5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
                    "{54C8A972-0F66-4ACD-A31F-C497CBE519B4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
                    "{46778FBF-7A5C-47C3-95E3-24702EEC2689}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
                    "{FA8326F5-88BD-41C2-8CD4-67C8CC8E3F8B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
                    "{0123E671-86EF-48CB-A0A4-6812A7ECD6FD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
                    "EnableFirewall"= 0 (0x0)

                    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
                    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
                    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
                    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
                    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
                    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 21:36]
                    R3 GMFilter Filter;GMFilter Filter;C:\Windows\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
                    R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
                    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
                    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
                    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
                    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
                    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
                    S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e1ca5f-a914-11dc-a9ee-806e6f6e6963}]
                    \shell\AutoRun\command - F:\AUTORUN.EXE

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc84953-c1b3-11dc-836f-001921ee9e25}]
                    \shell\AutoRun\command - K:\LaunchU3.exe -a

                    *Newly Created Service* - COMHOST
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2008-03-14 19:03:50 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Fam. Hoogervorst.job"
                    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-03-15 18:49:09
                    Windows 6.0.6000 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    Voltooingstijd: 2008-03-15 18:49:59
                    .
                    2008-03-14 15:41:11 --- E O F ---





                    I don't see the Yahoo line in HijackThis itself, which I find strange, and those 2 other lines keep coming back.
                    Last edited by Sassefrass; 15-03-08, 20:01.



                    • #11
                      Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

                      • File::
                        C:\Windows\system32\drivers\lvuvc.hs
                        C:\Windows\system32\certen.dll


                      Save this to your Desktop as CFScript.txt.

                      Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                      This will make ComboFix restart.

                      After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

                      Starting Windows 10 in Safe Mode



                      • #12
                        ComboFix 08-03-14.4 - Fam. Hoogervorst 2008-03-15 19:19:42.2 - NTFSx86
                        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2037 [GMT 1:00]
                        Gestart vanuit: C:\Users\Fam. Hoogervorst\Desktop\ComboFix.exe
                        Command switches used :: C:\Users\Fam. Hoogervorst\Desktop\CFScript.txt
                        * Nieuw herstelpunt werd aangemaakt

                        FILE ::
                        C:\Windows\system32\certen.dll
                        C:\Windows\system32\drivers\lvuvc.hs
                        .

                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        C:\Windows\system32\drivers\lvuvc.hs

                        .
                        (((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
                        .

                        Geen nieuwe bestanden aangemaakt in deze periode

                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2008-03-15 17:09 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Xfire
                        2008-03-15 16:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
                        2008-03-15 16:47 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
                        2008-03-15 16:04 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Malwarebytes
                        2008-03-15 16:04 --------- d-----w C:\ProgramData\Malwarebytes
                        2008-03-15 16:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
                        2008-03-15 10:44 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\LimeWire
                        2008-03-14 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
                        2008-03-14 17:02 --------- d-----w C:\Program Files\EA GAMES
                        2008-03-14 15:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
                        2008-03-14 15:52 --------- d-----w C:\Program Files\Java
                        2008-03-14 13:01 --------- d-----w C:\ProgramData\Symantec
                        2008-03-13 18:39 --------- d-----w C:\ProgramData\Lavasoft
                        2008-03-13 18:38 --------- d-----w C:\Program Files\Lavasoft
                        2008-03-13 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                        2008-03-13 15:33 --------- d-----w C:\Program Files\Windows Mail
                        2008-03-13 15:32 --------- d-----w C:\ProgramData\Microsoft Help
                        2008-03-11 14:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                        2008-03-10 19:55 --------- d-----w C:\Program Files\Trend Micro
                        2008-03-10 19:34 --------- d-----w C:\Program Files\Google
                        2008-03-10 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
                        2008-03-09 08:31 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Zylom
                        2008-03-08 07:52 --------- d-----w C:\ProgramData\Zylom
                        2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
                        2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
                        2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
                        2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
                        2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
                        2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
                        2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
                        2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
                        2008-03-07 12:17 --------- d-----w C:\ProgramData\Xfire
                        2008-02-26 20:12 --------- d-s---w C:\Program Files\Xfire
                        2008-02-23 18:18 --------- d-----w C:\Program Files\18 WoS Pedal to the Metal
                        2008-02-21 01:57 54,608 ----a-w C:\Windows\System32\xfcodec.dll
                        2008-02-20 11:29 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\U3
                        2008-02-15 20:59 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Fuzzy Games
                        2008-02-13 22:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                        2008-02-13 22:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                        2008-02-13 22:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                        2008-02-13 22:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                        2008-02-13 22:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
                        2008-02-13 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                        2008-02-13 22:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
                        2008-02-13 22:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
                        2008-02-13 22:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
                        2008-02-13 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                        2008-02-13 22:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                        2008-02-13 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                        2008-02-13 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
                        2008-02-13 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
                        2008-02-13 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
                        2008-02-13 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
                        2008-02-13 22:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
                        2008-02-13 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
                        2008-02-13 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
                        2008-02-13 22:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
                        2008-02-13 22:02 824,832 ----a-w C:\Windows\System32\wininet.dll
                        2008-02-13 22:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
                        2008-02-13 22:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
                        2008-02-13 22:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
                        2008-02-12 15:28 --------- d-----w C:\Program Files\Norton Internet Security
                        2008-02-06 09:45 --------- d-----w C:\Program Files\LimeWire
                        2008-02-05 14:33 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\AdobeUM
                        2008-02-03 18:56 --------- d-----w C:\ProgramData\Logishrd
                        2008-02-03 18:56 --------- d-----w C:\Program Files\Picasa2
                        2008-02-03 18:56 --------- d-----w C:\Program Files\Microsoft Works
                        2008-02-03 18:56 --------- d-----w C:\Program Files\Common Files\LogiShrd
                        2008-02-03 14:53 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Samsung
                        2008-02-03 14:44 --------- d-----w C:\ProgramData\Logitech
                        2008-02-03 14:44 --------- d-----w C:\Program Files\Logitech
                        2008-02-03 13:51 --------- d-----w C:\Program Files\Samsung
                        2008-02-02 17:18 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
                        2008-02-02 17:14 22,328 ----a-w C:\Users\Fam. Hoogervorst\AppData\Roaming\PnkBstrK.sys
                        2008-02-02 16:58 --------- d-----w C:\Program Files\Activision
                        2008-01-22 15:31 --------- d-----w C:\Program Files\Teach2000
                        2008-01-21 22:18 --------- d-----w C:\Program Files\DivX
                        2008-01-18 16:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
                        2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
                        2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
                        2008-01-10 07:41 11,776 ----a-w C:\Windows\System32\sbunattend.exe
                        2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
                        2007-12-12 22:26 174 --sha-w C:\Program Files\desktop.ini
                        .

                        ((((((((((((((((((((((((((((( [email protected]_18.49.35,61 )))))))))))))))))))))))))))))))))))))))))
                        .
                        - 2008-03-15 07:50:54 67,584 ----a-w C:\Windows\bootstat.dat
                        + 2008-03-15 17:53:14 67,584 ----a-w C:\Windows\bootstat.dat
                        - 2008-03-15 17:06:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                        + 2008-03-15 18:08:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
                        - 2008-03-15 07:52:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                        + 2008-03-15 17:54:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                        + 2008-03-15 17:54:48 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
                        - 2008-03-15 17:46:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                        + 2008-03-15 17:55:14 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
                        - 2008-03-15 07:52:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                        + 2008-03-15 17:54:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                        + 2008-03-15 17:54:43 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
                        - 2008-03-15 17:12:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                        + 2008-03-15 17:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                        - 2008-03-15 17:12:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                        + 2008-03-15 17:58:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                        - 2008-03-15 17:12:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                        + 2008-03-15 17:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                        - 2008-03-15 07:57:20 104,570 ----a-w C:\Windows\System32\perfc009.dat
                        + 2008-03-15 17:59:38 104,570 ----a-w C:\Windows\System32\perfc009.dat
                        - 2008-03-15 07:57:21 123,636 ----a-w C:\Windows\System32\perfc013.dat
                        + 2008-03-15 17:59:39 123,636 ----a-w C:\Windows\System32\perfc013.dat
                        - 2008-03-15 07:57:21 612,848 ----a-w C:\Windows\System32\perfh009.dat
                        + 2008-03-15 17:59:39 612,848 ----a-w C:\Windows\System32\perfh009.dat
                        - 2008-03-15 07:57:21 692,336 ----a-w C:\Windows\System32\perfh013.dat
                        + 2008-03-15 17:59:39 692,336 ----a-w C:\Windows\System32\perfh013.dat
                        - 2008-03-15 07:53:48 9,550 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4015739630-3192811137-1066030499-1000_UserData.bin
                        + 2008-03-15 17:55:08 9,566 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4015739630-3192811137-1066030499-1000_UserData.bin
                        - 2008-03-15 07:53:48 65,602 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                        + 2008-03-15 17:55:08 65,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                        - 2008-03-15 07:53:46 46,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                        + 2008-03-15 17:55:06 46,800 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                        .
                        -- Snapshot reset to current date --
                        .
                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        REGEDIT4
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
                        "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
                        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:41 1232896]
                        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Acer Tour"=""
                        "eRecoveryService"=""
                        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-12 22:59 1006264]
                        "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
                        "Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
                        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
                        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
                        "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
                        "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
                        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
                        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
                        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
                        "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
                        "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
                        "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
                        "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
                        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
                        "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                        Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
                        Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 21:28:25 528384]

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                        "UacDisableNotify"=dword:00000001
                        "InternetSettingsDisableNotify"=dword:00000001
                        "AutoUpdateDisableNotify"=dword:00000001

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                        "DisableMonitoring"=dword:00000001

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                        "DisableMonitoring"=dword:00000001

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                        "DisableMonitoring"=dword:00000001

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
                        "EnableFirewall"= 0 (0x0)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                        "{20415DD2-3993-4AE4-9FE6-74AE0F20AAB3}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
                        "{0794A8CE-B631-4B5E-86F4-4C02AD148390}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
                        "{DFAD2593-1AA6-48DC-9D20-B08966C5C813}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
                        "{7A9CE1EA-2396-41FD-997F-849BB8D76F56}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
                        "{7B53CD19-58C3-46A3-8DCA-0C28FE714C22}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
                        "{5E314730-7F91-4291-A008-019D38479373}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
                        "{0DD82BC9-687A-460A-82D3-46FA338528AA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
                        "{DA27D130-3A31-4E3A-B19C-0FFDB864BB05}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
                        "{6AC89EBE-8C6A-478A-A83B-3A497569F2F1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
                        "{15F98176-D853-42C8-8930-8EE02C0E943C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
                        "{68537384-E21A-48F0-86FE-B13402A0E979}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
                        "{F148EC8C-8FAC-4AC8-8962-F5966D7F344E}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
                        "{EDCE3643-5315-4BD1-8365-020C4354A4F5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
                        "{54C8A972-0F66-4ACD-A31F-C497CBE519B4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
                        "{46778FBF-7A5C-47C3-95E3-24702EEC2689}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
                        "{FA8326F5-88BD-41C2-8CD4-67C8CC8E3F8B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
                        "{0123E671-86EF-48CB-A0A4-6812A7ECD6FD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
                        "EnableFirewall"= 0 (0x0)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
                        "EnableFirewall"= 0 (0x0)

                        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
                        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
                        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
                        R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
                        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
                        R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 21:36]
                        R3 GMFilter Filter;GMFilter Filter;C:\Windows\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
                        R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
                        R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
                        R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
                        S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
                        S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
                        S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
                        S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e1ca5f-a914-11dc-a9ee-806e6f6e6963}]
                        \shell\AutoRun\command - F:\AUTORUN.EXE

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc84953-c1b3-11dc-836f-001921ee9e25}]
                        \shell\AutoRun\command - K:\LaunchU3.exe -a

                        *Newly Created Service* - COMHOST
                        .
                        Inhoud van de 'Gedeelde Taken' map
                        "2008-03-14 19:03:50 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Fam. Hoogervorst.job"
                        - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
                        .
                        **************************************************************************

                        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2008-03-15 19:21:17
                        Windows 6.0.6000 NTFS

                        scannen van verborgen processen ...

                        LVPrcSrv.exe [23952]

                        scannen van verborgen autostart items ...

                        scannen van verborgen bestanden ...

                        Scan succesvol afgerond
                        verborgen bestanden: 0

                        **************************************************************************
                        .
                        Voltooingstijd: 2008-03-15 19:22:02
                        ComboFix-quarantined-files.txt 2008-03-15 18:21:59
                        ComboFix2.txt 2008-03-15 17:50:00
                        .
                        2008-03-14 15:41:11 --- E O F ---



                        • #13
                          Everything is fine, I assume



                          • #14
                            OK, then it's solved, thanks...



                            • #15
                              You may now remove all the tools used and the folders that were created.

                              Uninstall ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
                              This removes both ComboFix and your old System Restore points (with any remnants of malware), and creates a new System Restore point.

