Hallo en welkom,

Ik ga even kijken voor je.

Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.


* Download Malwarebytes' Anti-Malware via hier of hier.

Dubbelklik mbam-setup.exe om het programma te installeren.

• Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
• Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
• Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
• Het scannen kan een tijdje duren, dus wees geduldig.
• Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
• Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
• De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
• Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

Extra Nota:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Het probleem is in middels opgelost door de instellingen te resetten van IE.

Goed gedaan, mag ik toch nog om een nieuw gemaakt hjt logje verzoeken ?

Heb die regels verwijderd met hijack alleen die yahoo toolbar stond er niet meer bij. Heb ook gescand met malware daarvan hier het logje:

Malwarebytes' Anti-Malware 1.08
Database versie: 493

Scan type: Snelle Scan
Objecten gescand: 32796
Verstreken tijd: 3 minute(s), 29 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


Hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:45, on 10-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11147 bytes

Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
Kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.

Open de verkenner ("Deze Computer") en kies Extra -> Mapopties...
Controleer onder Weergave de volgende instellingen:

Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
Uitzetten: Extensies voor bekende bestandstypen verbergen

Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
Selecteer: Verborgen bestanden en mappen weergeven

Druk daarna op Toepassen gevolgd door Ok.

Verwijder de volgende bestanden:
C:\Windows\system32\certen.dll

Hoe gaat het nu met de pc ?

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll

deze regels zijn verwijderd. Alleen ziet ie ik die Yahoo toolbar regel niet in de scan terug. het bestand certen.dll bestaat niet. Er is daar wel een bestandje dat het certenc.dl.
Voor de rest geen problemen met de pc.

Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:45, on 10-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {880E73B0-1998-4607-86C0-4A8D2243FC2F} - C:\Windows\system32\certen.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11147 bytes




Combofix



ComboFix 08-03-14.4 - Fam. Hoogervorst 2008-03-15 18:47:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1897 [GMT 1:00]
Gestart vanuit: C:\Users\Fam. Hoogervorst\Downloads\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 17:09 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Xfire
2008-03-15 16:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-15 16:47 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-15 16:04 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Malwarebytes
2008-03-15 16:04 --------- d-----w C:\ProgramData\Malwarebytes
2008-03-15 16:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-15 10:44 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\LimeWire
2008-03-15 07:52 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-03-14 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 17:02 --------- d-----w C:\Program Files\EA GAMES
2008-03-14 15:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-14 15:52 --------- d-----w C:\Program Files\Java
2008-03-14 13:01 --------- d-----w C:\ProgramData\Symantec
2008-03-13 18:39 --------- d-----w C:\ProgramData\Lavasoft
2008-03-13 18:38 --------- d-----w C:\Program Files\Lavasoft
2008-03-13 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 15:33 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 15:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 14:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 19:55 --------- d-----w C:\Program Files\Trend Micro
2008-03-10 19:34 --------- d-----w C:\Program Files\Google
2008-03-10 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-09 08:31 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Zylom
2008-03-08 07:52 --------- d-----w C:\ProgramData\Zylom
2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-07 12:17 --------- d-----w C:\ProgramData\Xfire
2008-02-26 20:12 --------- d-s---w C:\Program Files\Xfire
2008-02-23 18:18 --------- d-----w C:\Program Files\18 WoS Pedal to the Metal
2008-02-21 01:57 54,608 ----a-w C:\Windows\System32\xfcodec.dll
2008-02-20 11:29 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\U3
2008-02-15 20:59 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Fuzzy Games
2008-02-13 22:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 22:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 22:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 22:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 22:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 22:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 22:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 15:28 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-06 09:45 --------- d-----w C:\Program Files\LimeWire
2008-02-05 14:33 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\AdobeUM
2008-02-03 18:56 --------- d-----w C:\ProgramData\Logishrd
2008-02-03 18:56 --------- d-----w C:\Program Files\Picasa2
2008-02-03 18:56 --------- d-----w C:\Program Files\Microsoft Works
2008-02-03 18:56 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-02-03 14:53 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Samsung
2008-02-03 14:44 --------- d-----w C:\ProgramData\Logitech
2008-02-03 14:44 --------- d-----w C:\Program Files\Logitech
2008-02-03 13:51 --------- d-----w C:\Program Files\Samsung
2008-02-02 17:18 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-02 17:14 22,328 ----a-w C:\Users\Fam. Hoogervorst\AppData\Roaming\PnkBstrK.sys
2008-02-02 16:58 --------- d-----w C:\Program Files\Activision
2008-01-22 15:31 --------- d-----w C:\Program Files\Teach2000
2008-01-21 22:18 --------- d-----w C:\Program Files\DivX
2008-01-18 16:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-10 07:41 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-12 22:26 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:41 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""
"eRecoveryService"=""
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-12 22:59 1006264]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 21:28:25 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20415DD2-3993-4AE4-9FE6-74AE0F20AAB3}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0794A8CE-B631-4B5E-86F4-4C02AD148390}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{DFAD2593-1AA6-48DC-9D20-B08966C5C813}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A9CE1EA-2396-41FD-997F-849BB8D76F56}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{7B53CD19-58C3-46A3-8DCA-0C28FE714C22}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{5E314730-7F91-4291-A008-019D38479373}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0DD82BC9-687A-460A-82D3-46FA338528AA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DA27D130-3A31-4E3A-B19C-0FFDB864BB05}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6AC89EBE-8C6A-478A-A83B-3A497569F2F1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{15F98176-D853-42C8-8930-8EE02C0E943C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{68537384-E21A-48F0-86FE-B13402A0E979}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{F148EC8C-8FAC-4AC8-8962-F5966D7F344E}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{EDCE3643-5315-4BD1-8365-020C4354A4F5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{54C8A972-0F66-4ACD-A31F-C497CBE519B4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{46778FBF-7A5C-47C3-95E3-24702EEC2689}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{FA8326F5-88BD-41C2-8CD4-67C8CC8E3F8B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0123E671-86EF-48CB-A0A4-6812A7ECD6FD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 21:36]
R3 GMFilter Filter;GMFilter Filter;C:\Windows\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e1ca5f-a914-11dc-a9ee-806e6f6e6963}]
\shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc84953-c1b3-11dc-836f-001921ee9e25}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-14 19:03:50 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Fam. Hoogervorst.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 18:49:09
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-15 18:49:59
.
2008-03-14 15:41:11 --- E O F ---





De Yahoo regel zie ik niet in hijack this zelf staan dat vind ik raar en die 2 andere regels komen steeds terug.

Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

• 
  File::
  C:\Windows\system32\drivers\lvuvc.hs
  C:\Windows\system32\certen.dll
  
  
  

Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

ComboFix 08-03-14.4 - Fam. Hoogervorst 2008-03-15 19:19:42.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2037 [GMT 1:00]
Gestart vanuit: C:\Users\Fam. Hoogervorst\Desktop\ComboFix.exe
Command switches used :: C:\Users\Fam. Hoogervorst\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\Windows\system32\certen.dll
C:\Windows\system32\drivers\lvuvc.hs
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\lvuvc.hs

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 17:09 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Xfire
2008-03-15 16:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-15 16:47 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-15 16:04 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Malwarebytes
2008-03-15 16:04 --------- d-----w C:\ProgramData\Malwarebytes
2008-03-15 16:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-15 10:44 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\LimeWire
2008-03-14 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 17:02 --------- d-----w C:\Program Files\EA GAMES
2008-03-14 15:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-14 15:52 --------- d-----w C:\Program Files\Java
2008-03-14 13:01 --------- d-----w C:\ProgramData\Symantec
2008-03-13 18:39 --------- d-----w C:\ProgramData\Lavasoft
2008-03-13 18:38 --------- d-----w C:\Program Files\Lavasoft
2008-03-13 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 15:33 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 15:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 14:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 19:55 --------- d-----w C:\Program Files\Trend Micro
2008-03-10 19:34 --------- d-----w C:\Program Files\Google
2008-03-10 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-09 08:31 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Zylom
2008-03-08 07:52 --------- d-----w C:\ProgramData\Zylom
2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-07 12:17 --------- d-----w C:\ProgramData\Xfire
2008-02-26 20:12 --------- d-s---w C:\Program Files\Xfire
2008-02-23 18:18 --------- d-----w C:\Program Files\18 WoS Pedal to the Metal
2008-02-21 01:57 54,608 ----a-w C:\Windows\System32\xfcodec.dll
2008-02-20 11:29 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\U3
2008-02-15 20:59 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Fuzzy Games
2008-02-13 22:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 22:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 22:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 22:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 22:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 22:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 22:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 15:28 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-06 09:45 --------- d-----w C:\Program Files\LimeWire
2008-02-05 14:33 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\AdobeUM
2008-02-03 18:56 --------- d-----w C:\ProgramData\Logishrd
2008-02-03 18:56 --------- d-----w C:\Program Files\Picasa2
2008-02-03 18:56 --------- d-----w C:\Program Files\Microsoft Works
2008-02-03 18:56 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-02-03 14:53 --------- d-----w C:\Users\Fam. Hoogervorst\AppData\Roaming\Samsung
2008-02-03 14:44 --------- d-----w C:\ProgramData\Logitech
2008-02-03 14:44 --------- d-----w C:\Program Files\Logitech
2008-02-03 13:51 --------- d-----w C:\Program Files\Samsung
2008-02-02 17:18 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-02 17:14 22,328 ----a-w C:\Users\Fam. Hoogervorst\AppData\Roaming\PnkBstrK.sys
2008-02-02 16:58 --------- d-----w C:\Program Files\Activision
2008-01-22 15:31 --------- d-----w C:\Program Files\Teach2000
2008-01-21 22:18 --------- d-----w C:\Program Files\DivX
2008-01-18 16:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-10 07:41 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-12 22:26 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( [email protected]_18.49.35,61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 07:50:54 67,584 ----a-w C:\Windows\bootstat.dat
+ 2008-03-15 17:53:14 67,584 ----a-w C:\Windows\bootstat.dat
- 2008-03-15 17:06:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-15 18:08:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-15 07:52:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-15 17:54:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-15 17:54:48 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-15 17:46:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-15 17:55:14 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-15 07:52:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-15 17:54:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-15 17:54:43 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-15 17:12:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.d at
+ 2008-03-15 17:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.d at
- 2008-03-15 17:12:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 17:58:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-15 17:12:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-15 17:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-15 07:57:20 104,570 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-15 17:59:38 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-15 07:57:21 123,636 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-03-15 17:59:39 123,636 ----a-w C:\Windows\System32\perfc013.dat
- 2008-03-15 07:57:21 612,848 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-15 17:59:39 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-15 07:57:21 692,336 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-03-15 17:59:39 692,336 ----a-w C:\Windows\System32\perfh013.dat
- 2008-03-15 07:53:48 9,550 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4015739630-3192811137-1066030499-1000_UserData.bin
+ 2008-03-15 17:55:08 9,566 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4015739630-3192811137-1066030499-1000_UserData.bin
- 2008-03-15 07:53:48 65,602 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-15 17:55:08 65,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-15 07:53:46 46,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-15 17:55:06 46,800 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:41 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=""
"eRecoveryService"=""
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-12 22:59 1006264]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Trust Gaming mouse"="C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2005-06-13 18:17 249856]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 07:21 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-06 07:21 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-06 07:21 8429568]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-18 21:28:25 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20415DD2-3993-4AE4-9FE6-74AE0F20AAB3}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0794A8CE-B631-4B5E-86F4-4C02AD148390}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{DFAD2593-1AA6-48DC-9D20-B08966C5C813}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A9CE1EA-2396-41FD-997F-849BB8D76F56}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{7B53CD19-58C3-46A3-8DCA-0C28FE714C22}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{5E314730-7F91-4291-A008-019D38479373}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0DD82BC9-687A-460A-82D3-46FA338528AA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DA27D130-3A31-4E3A-B19C-0FFDB864BB05}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6AC89EBE-8C6A-478A-A83B-3A497569F2F1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{15F98176-D853-42C8-8930-8EE02C0E943C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{68537384-E21A-48F0-86FE-B13402A0E979}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{F148EC8C-8FAC-4AC8-8962-F5966D7F344E}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{EDCE3643-5315-4BD1-8365-020C4354A4F5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{54C8A972-0F66-4ACD-A31F-C497CBE519B4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{46778FBF-7A5C-47C3-95E3-24702EEC2689}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{FA8326F5-88BD-41C2-8CD4-67C8CC8E3F8B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0123E671-86EF-48CB-A0A4-6812A7ECD6FD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 21:36]
R3 GMFilter Filter;GMFilter Filter;C:\Windows\system32\Drivers\GMFilter.sys [2005-06-10 18:06]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 08:30]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e1ca5f-a914-11dc-a9ee-806e6f6e6963}]
\shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc84953-c1b3-11dc-836f-001921ee9e25}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-14 19:03:50 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Fam. Hoogervorst.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 19:21:17
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

LVPrcSrv.exe [23952]

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-15 19:22:02
ComboFix-quarantined-files.txt 2008-03-15 18:21:59
ComboFix2.txt 2008-03-15 17:50:00
.
2008-03-14 15:41:11 --- E O F ---

Alles goed neem ik aan

OKe dan is het verholpen bedankt...

Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U klik op OK of toets Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.