ComboFix log file (globalroot\systemroot\ ....



monne
8 July 2009, 03:13
First the problem: how I got it, I don't know.

Invalid things, dozens of times: "globalroot\systemroot\system32\a bunch of letters".
Virus scanner wouldn't scan any more, had to click dozens of times to get into my PC, system restore points all gone.

Now I've run ComboFix and it's recommended to have the log file checked afterwards, so I'm posting it here in the hope that someone can and will take a look at it, thanks in advance. (At the moment I'm not experiencing any more problems on this PC.)

It's a long one:

ComboFix 09-07-07.A2 - monne 08/07/2009 2:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3071.2026 [GMT 2:00]
Gestart vanuit: c:\users\monne\Downloads\firefox\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2231609089-1027489128-2879215587-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\hjgruivmmeibod.sys
c:\windows\system32\hjgruibnqexoxr.dat
c:\windows\system32\hjgruieoxebpif.dll
c:\windows\system32\hjgruirciypyke.dll
c:\windows\system32\hjgruixikffqrq.dat

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruithlsprxj


(((((((((((((((((((( Bestanden Gemaakt van 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))))
.

2009-07-08 00:42 . 2009-07-08 00:42 -------- d-----w- c:\users\monne\AppData\Local\temp
2009-07-07 23:25 . 2009-07-07 23:25 -------- d-----w- c:\users\monne\AppData\Roaming\Malwarebytes
2009-07-07 23:24 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-07 23:24 . 2009-07-07 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 23:24 . 2009-07-07 23:24 -------- d-----w- c:\programdata\Malwarebytes
2009-07-07 23:24 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 22:11 . 2009-07-07 22:11 -------- d-----w- c:\programdata\WindowsSearch
2009-07-07 19:59 . 2009-06-25 21:16 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\Scxpx86.dll
2009-07-07 19:59 . 2009-06-25 21:16 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSxpx86.dll
2009-07-07 19:59 . 2009-06-25 21:16 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSviA64.sys
2009-07-07 19:59 . 2009-06-25 21:16 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys
2009-07-07 19:59 . 2009-06-25 21:16 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys
2009-07-07 19:57 . 2009-07-07 19:57 -------- d-----w- c:\windows\system32\drivers\NIS
2009-07-07 19:57 . 2009-07-07 19:58 -------- d-----w- c:\program files\Norton Internet Security
2009-07-07 19:56 . 2009-07-07 19:56 -------- d-----w- c:\program files\NortonInstaller
2009-07-07 17:51 . 2009-07-07 17:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-07 17:51 . 2009-07-07 19:21 -------- d-----w- c:\users\monne\AppData\Roaming\SUPERAntiSpyware.com
2009-07-07 17:51 . 2009-07-07 19:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-07 14:12 . 2009-07-07 14:12 -------- d-----w- c:\windows\MSSecurityNS
2009-07-07 14:12 . 2009-07-07 14:12 -------- d-----w- c:\windows\MSSecurityNi
2009-07-07 13:46 . 2009-07-07 13:48 -------- d-----w- c:\program files\QuickTime
2009-07-07 13:46 . 2009-07-07 13:46 -------- d-----w- c:\programdata\Apple Computer
2009-07-07 13:45 . 2009-07-07 13:45 -------- d-----w- c:\users\monne\AppData\Local\Apple
2009-07-07 13:45 . 2009-07-07 13:45 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 13:45 . 2009-07-07 13:45 -------- d-----w- c:\programdata\Apple
2009-07-07 10:46 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-07-07 10:46 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-07-07 08:00 . 2009-07-07 08:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\NAVENG.SYS
2009-07-07 08:00 . 2009-07-07 08:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\NAVEX15.SYS
2009-07-07 08:00 . 2009-07-07 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\EECTRL.SYS
2009-07-07 08:00 . 2009-07-07 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\ECMSVR32.DLL
2009-07-07 08:00 . 2009-07-07 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\CCERASER.DLL
2009-07-07 08:00 . 2009-07-07 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\NAVENG32.DLL
2009-07-07 08:00 . 2009-07-07 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\NAVEX32A.DLL
2009-07-07 08:00 . 2009-07-07 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090707.003\ERASER.SYS
2009-07-06 21:18 . 2009-07-06 21:18 -------- d-----w- c:\users\monne\AppData\Roaming\GrabIt
2009-07-06 16:19 . 2009-07-06 17:42 -------- d-----w- c:\users\monne\adobe
2009-07-06 15:20 . 2009-07-06 15:20 -------- d-----w- c:\program files\Jalbum
2009-07-06 14:48 . 2009-07-06 14:48 -------- d-----w- c:\program files\DeskPins
2009-07-06 14:43 . 2009-07-06 14:43 -------- d-----w- c:\users\monne\AppData\Roaming\Anthropics
2009-07-06 14:43 . 2009-07-06 14:43 -------- d-----w- c:\program files\Portrait Professional Max 6
2009-07-06 12:20 . 2009-07-07 14:50 -------- d-----w- c:\programdata\FLEXnet
2009-07-06 12:12 . 2009-07-06 12:12 -------- d-----w- c:\program files\Common Files\Micro Application Shared
2009-07-06 12:10 . 2009-07-06 12:10 45056 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2009-07-06 12:07 . 2009-07-06 12:07 -------- d-----w- c:\users\monne\AppData\Local\Micro Application
2009-07-06 12:05 . 2009-07-06 12:05 8854 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{98E691C8-A4FD-4770-983A-0F0603F0C37E}\UNINST_Uninstall_P_98E691C8A4FD4770983A0F0603F0C37E.exe
2009-07-06 12:05 . 2009-07-06 12:05 57344 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{98E691C8-A4FD-4770-983A-0F0603F0C37E}\NewShortcut11_98E691C8A4FD4770983A0F0603F0C37E.exe
2009-07-06 12:05 . 2009-07-06 12:05 57344 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{98E691C8-A4FD-4770-983A-0F0603F0C37E}\NewShortcut1_98E691C8A4FD4770983A0F0603F0C37E.exe
2009-07-06 12:05 . 2009-07-06 12:05 10134 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{98E691C8-A4FD-4770-983A-0F0603F0C37E}\ARPPRODUCTICON.exe
2009-07-06 12:01 . 2009-07-06 12:12 -------- d-----w- c:\program files\Easy Computing
2009-07-06 11:43 . 2009-07-06 11:43 -------- d-----w- c:\users\monne\AppData\Roaming\VanDale
2009-07-06 10:37 . 2009-07-06 10:37 -------- d-----w- c:\programdata\ALM
2009-07-06 10:18 . 2009-07-06 10:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-06 09:10 . 2002-02-28 13:51 92208 ----a-w- c:\windows\system32\WING.DLL
2009-07-06 09:10 . 2002-02-28 13:51 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2009-07-06 09:10 . 2002-02-28 13:51 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2009-07-06 09:10 . 2009-07-06 11:41 -------- d-----w- C:\DFH
2009-07-06 09:01 . 2009-07-06 09:01 -------- d-----w- C:\VanDale
2009-07-06 08:58 . 1997-05-29 14:25 315904 ----a-w- c:\windows\IsUn0413.exe
2009-07-06 08:50 . 2008-08-06 01:50 614400 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresNLD.dll
2009-07-06 08:50 . 2008-08-06 01:50 614400 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresITA.dll
2009-07-06 08:50 . 2008-08-06 01:50 589824 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresJPN.dll
2009-07-06 08:50 . 2008-08-06 01:50 614400 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresFRA.dll
2009-07-06 08:50 . 2008-08-06 01:50 614400 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresESN.dll
2009-07-06 08:50 . 2008-08-06 01:50 606208 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresENU.dll
2009-07-06 08:50 . 2008-07-10 06:10 186864 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\rsl.dll
2009-07-06 08:50 . 2008-08-05 13:42 4717040 ----a-r- c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe
2009-07-06 08:50 . 2009-07-06 08:50 -------- d-----w- c:\programdata\Uninstall
2009-07-06 08:40 . 2009-07-06 08:40 -------- d-----w- c:\programdata\InstallShield
2009-07-06 08:37 . 2009-07-06 08:40 -------- d-----w- c:\programdata\Roxio
2009-07-06 08:37 . 2009-07-06 08:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-06 08:34 . 2009-07-06 08:46 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-06 08:34 . 2009-07-06 08:43 -------- d-----w- c:\program files\Roxio Creator 2009
2009-07-06 08:33 . 2009-07-06 08:33 -------- d-----w- c:\programdata\eSellerate
2009-07-06 08:33 . 2009-07-06 08:49 -------- d-----w- c:\programdata\SmartSound Software Inc
2009-07-06 08:33 . 2009-07-06 08:33 -------- d-----w- c:\program files\SmartSound Software
2009-07-06 08:31 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-07-06 08:27 . 2009-07-06 08:27 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-06 07:45 . 2009-07-06 16:16 -------- d-----w- c:\users\monne\homepage
2009-07-06 07:34 . 2009-07-06 07:34 335 ----a-w- c:\windows\mozregistry.dat
2009-07-06 07:34 . 2009-07-06 07:34 -------- d-----w- c:\users\monne\AppData\Roaming\Thunderbird
2009-07-06 07:34 . 2009-07-06 07:34 -------- d-----w- c:\program files\Qualcomm
2009-07-06 07:34 . 2009-07-06 07:34 -------- d-----w- c:\program files\Netscape
2009-07-06 07:34 . 2009-07-06 07:34 9728 ----a-w- c:\windows\system32\rnaph.dll
2009-07-06 05:18 . 2009-07-07 19:19 -------- d-----w- c:\users\monne\AppData\Roaming\FileZilla
2009-07-06 05:18 . 2009-07-06 05:18 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-06 04:56 . 2009-07-06 04:56 -------- d-----w- c:\program files\MiniMind
2009-07-06 04:55 . 2009-07-06 04:55 -------- d-----w- c:\users\monne\AppData\Roaming\vlc
2009-07-06 04:54 . 2009-07-06 04:54 -------- d-----w- c:\program files\VideoLAN
2009-07-06 04:45 . 2009-07-06 04:45 -------- d-----w- c:\users\monne\AppData\Roaming\IObit
2009-07-06 04:45 . 2009-07-06 04:45 -------- d-----w- c:\program files\IObit
2009-07-06 04:44 . 2009-07-06 04:44 -------- d-----w- c:\program files\CCleaner
2009-07-06 04:42 . 2009-07-06 04:42 -------- d-----w- c:\program files\SyncToy 2.0
2009-07-06 04:36 . 2009-07-06 14:45 -------- d-----w- c:\program files\FTDv3.8
2009-07-06 04:19 . 2009-07-06 04:29 -------- d-----w- c:\users\monne\Tracing
2009-07-06 04:15 . 2009-07-06 04:15 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-06 04:15 . 2009-02-06 16:08 55280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-07-06 04:14 . 2009-07-06 04:14 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-06 04:12 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-06 04:12 . 2009-07-06 04:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-06 04:09 . 2009-07-06 04:15 -------- d-----w- c:\program files\Microsoft
2009-07-06 04:09 . 2009-07-06 04:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-06 04:09 . 2009-07-06 04:15 -------- d-----w- c:\program files\Windows Live
2009-07-06 04:04 . 2009-07-06 04:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-06 03:56 . 2009-07-06 03:56 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-06 03:34 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-06 03:34 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-07-06 03:34 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-07-06 03:34 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-07-06 03:34 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-07-06 03:34 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-07-06 03:34 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2009-07-06 03:34 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2009-07-06 03:34 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2009-07-06 03:34 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-07-06 03:33 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-07-06 03:33 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-07-06 03:33 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-07-06 03:33 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-07-06 03:33 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-07-06 03:12 . 2009-07-06 03:12 -------- d-----w- C:\PerfLogs
2009-07-06 02:41 . 2008-01-19 07:42 227896 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-07-06 02:40 . 2008-01-19 07:41 24120 ----a-w- c:\windows\system32\BOOTVID.DLL
2009-07-06 02:39 . 2008-01-19 07:36 15360 ----a-w- c:\windows\system32\rasctrs.dll
2009-07-06 02:38 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 19:59 . 2007-09-18 13:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 19:58 . 2009-07-07 19:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-07 19:58 . 2009-07-07 19:58 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-07 19:58 . 2009-07-07 19:58 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-07 19:58 . 2009-07-07 19:58 -------- d-----w- c:\program files\Symantec
2009-07-07 19:58 . 2009-07-07 19:58 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-07-07 19:58 . 2009-07-07 19:58 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-07 19:58 . 2009-07-07 19:58 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-07 19:58 . 2009-07-07 19:58 546160 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-07 19:58 . 2009-07-07 19:58 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-07 19:58 . 2009-07-07 19:58 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-06 14:57 . 2007-09-18 21:59 667114 ----a-w- c:\windows\system32\perfh013.dat
2009-07-06 14:57 . 2007-09-18 21:59 126648 ----a-w- c:\windows\system32\perfc013.dat
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\windows\Fonts\Fonts
2009-07-06 12:27 . 2007-09-18 13:07 -------- d-----w- c:\program files\Google
2009-07-06 12:12 . 2007-09-18 12:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 11:33 . 2007-09-18 13:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 08:47 . 2007-09-18 12:53 -------- d-----w- c:\programdata\Sonic
2009-07-06 08:44 . 2007-09-18 12:53 -------- d-----w- c:\program files\Roxio
2009-07-06 08:39 . 2007-09-18 12:53 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-06 08:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-06 08:37 . 2007-09-18 12:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-06 08:32 . 2009-07-06 08:32 10134 ----a-r- c:\users\monne\AppData\Roaming\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2009-07-06 03:39 . 2007-09-18 13:02 -------- d-----w- c:\program files\Microsoft Works
2009-07-06 03:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-06 03:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-06 03:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-06 03:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-06 03:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-06 02:51 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-06 02:51 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-06 01:27 . 2009-07-06 01:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-06 01:06 . 2007-09-18 13:07 -------- d-----w- c:\programdata\Symantec
2009-07-06 00:06 . 2009-07-06 00:06 551424 ----a-w- c:\windows\system32\rpcss.dll
2009-07-05 23:51 . 2007-09-18 12:52 -------- d-----w- c:\programdata\HP
2009-07-05 23:01 . 2007-09-18 12:40 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-05 22:47 . 2009-07-05 22:47 -------- d-----w- c:\users\monne\AppData\Roaming\Hewlett-Packard
2009-07-05 22:46 . 2009-07-05 22:46 1889 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_GU510AA-B14m9060.be_YC_0Pavi_QCZX740_E74NLv3PrA2_49_IBerkeley_SASUSTeK Computer INC._V1.xx_B5.08_T070816_WUH0_L413_M3071_J320_7Intel_8Core2 Quad Q6600_92.39_#071113_N8086294C_Z_G10DE0421.MRK
2009-07-05 22:42 . 2009-07-05 22:42 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-05 22:42 . 2009-07-05 22:42 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-05 22:42 . 2009-07-05 22:42 -------- d-sh--we c:\programdata\Sjablonen
2009-07-05 22:42 . 2009-07-05 22:42 -------- d-sh--we c:\programdata\Menu Start
2009-07-05 22:42 . 2009-07-05 22:42 -------- d-sh--we c:\programdata\Favorieten
2009-07-05 22:42 . 2009-07-05 22:42 -------- d-sh--we c:\programdata\Documenten
2009-07-05 22:42 . 2009-07-05 22:42 -------- d-sh--we c:\programdata\Bureaublad
2009-06-25 21:16 . 2009-07-07 19:58 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-06-25 21:16 . 2009-07-07 19:58 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-06-25 21:16 . 2009-07-07 19:58 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-06-25 21:16 . 2009-07-07 19:58 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-06-25 21:16 . 2009-07-07 19:58 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2007-11-14 14:22 . 2009-07-05 23:29 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2007-09-18 22:16 . 2007-09-18 22:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\users\monne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2009-7-6 262144]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-528467043-2937784485-3628053106-1001]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DE642749-01B6-4FC2-8B15-6A74F7173769}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{20AF0041-6FA3-4DE1-86BF-27F2F7FD16C4}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{DB36053B-F0BC-4179-91A0-8B755E4ECA4F}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{4E3444E5-27E9-43E7-AC6B-93F74FE6AB9C}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{13454464-D1F8-4323-9E59-314D00E502C5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{41B27A3A-8688-41DF-A757-561B4FC5574E}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{15D4E102-7FDB-4F40-829B-4652E288E46A}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{7685D255-C159-4760-8696-88B18F67B360}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0E8F501C-C677-4F38-A4D0-BFE211C92FD0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA4D63EF-0430-4CD3-9379-81C4731D8C88}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6EA27533-2A8C-48B9-90E0-A17E9B1FC740}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{644E464F-9775-4740-85D8-74D5BD3C0377}"= UDP:5353:Adobe CSI CS4
"{99E26A73-5340-4C18-B2C2-3269D938B2D9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{91E37325-2E27-4764-A044-F1F3D42B3FA3}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C64B6B8F-D3FB-4BE2-B343-F34A58CDD66A}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E5841286-2AEB-4242-9F70-F907F39C4B65}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DCB81FC4-A8F4-4F73-A9FF-FEABE7B78CAE}"= UDP:c:\windows\services.exe:services.exe
"{39B41C5F-31AB-4E20-AE07-F29FA1D2CE23}"= TCP:c:\windows\services.exe:services.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [7/07/2009 21:58 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [7/07/2009 21:58 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [7/07/2009 21:58 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys [7/07/2009 21:59 292912]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [3/09/2006 10:32 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [18/09/2007 15:00 198240]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [7/07/2009 21:58 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/07/2009 10:00 101936]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [18/09/2007 14:47 968064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26/02/2008 9:17 493568]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [7/07/2009 21:58 40496]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 9:13 29696]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 0:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 0:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 0:24 170480]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 12:03 169312]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6/07/2009 6:15 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 0:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [14/08/2008 0:23 1124848]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-07-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-06 07:22]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://breedband.telenet.be
mWindow Title = Telenet Internet
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\monne\AppData\Roaming\Mozilla\Firefox\Profiles\511nfny2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

****************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 02:42
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

****************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Voltooingstijd: 2009-07-08 2:43
ComboFix-quarantined-files.txt 2009-07-08 00:43

Pre-Run: 183.521.538.048 bytes beschikbaar
Post-Run: 183.549.186.048 bytes beschikbaar

394 --- E O F --- 2009-07-07 11:36

Tommiiee
8 July 2009, 17:21
Hi Monne,

I'm going to handle your log.
Because I'm still in training, I will first have to have my fixes checked by the professionals here ;)

I ask for your patience with this.

Kind regards,
Tom

Tommiiee
8 July 2009, 18:22
Hi,

First of all I want to warn you that it is very dangerous to use Combofix without keeping to the guidelines a helper can give you. So only use Combofix when we ask you to.

Follow these steps to install the newest version of HijackThis:

Download the HijackThis setup (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.
Double-click the icon to start the installation.
Make sure HijackThis is installed in its own folder. By default this is C:\Program Files\Trend Micro\HijackThis.
Complete the installation.

Start HijackThis and choose Do a system scan and save a logfile.
Post the contents of the log that opens in your next message.

Kind regards,
Tom

monne
8 July 2009, 21:06
Many thanks for the quick reply; I can only carry out this step on Sunday evening (I'm only back home then) and will post the HijackThis log right after.

I used Combofix because someone with a similar problem had been helped by it;
I did go through the instructions properly, and they said to have the log file checked, which is what I did with this one.

Sorry for using it on my own initiative.

Tommiiee
8 July 2009, 21:39
Fine, Monne,
I'll wait patiently.

As for Combofix,
It happens. But next time don't do it again without advice from a helper.
Incorrect use can damage your computer. Anyway, for once I'll let it slide ;)

monne
10 July 2009, 11:27
I was home briefly and have this little report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:59, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

--
End of file - 9853 bytes

Tommiiee
10 July 2009, 13:08
Hi Monne,

Are you using an HP-brand PC?

Kind regards,
Tom

monne
10 July 2009, 15:47
Indeed, the exact model is the Elite m9060.

Tommiiee
10 July 2009, 16:43
Edit:
See below.

Tommiiee
10 July 2009, 21:17
Hi Monne,

Start Malwarebytes' Anti-Malware

Open the Update tab and click Check for updates.
Wait until the update is complete, and close MBAM.

Boot your PC into Safe Mode. Read here (http://www.pchelper.nl/forum/index.php?showtopic=18078) how to do that.

Open MBAM and do the following:

Go to the Scanner tab and choose Full Scan.
Then press Scan to start the scan.
The scan can take a while, so be patient.
When the scan is complete, click OK, then Show Results to see the results.
Make sure everything there is ticked, then click: Remove Selected.
After the removal a log will open and you will be asked to restart the computer.

The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the Logs tab in the program.
Post that in your next message.

monne
10 July 2009, 22:35
Thanks a lot for the quick reply; I'll get to work on that Sunday evening. Oh yes, and thanks too for letting it slide that I used Combofix on my own initiative.

monne
12 July 2009, 20:47
I carried out the above, without anything needing to be removed;
below is the log file:

Malwarebytes' Anti-Malware 1.38
Database versie: 2412
Windows 6.0.6001 Service Pack 1

12/07/2009 20:40:31
mbam-log-2009-07-12 (20-40-31).txt

Scan type: Volledige Scan (C:\|E:\|)
Objecten gescand: 406301
Verstreken tijd: 38 minute(s), 38 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Tommiiee
12 July 2009, 21:18
Hi Monne,

Could you tell me once more whether you still have problems,
and if so, what those problems are?

monne
12 July 2009, 22:45
This appeared on my computer in a window: "globalroot\systemroot\system32\hjgruirciypike.dll", and every time I clicked it away it came back with yet other letters .dll,
up to about a hundred times; the virus scanner froze and suddenly took up 30% usage.
At a certain point Windows said my version was illegal; reactivating didn't work, but for Office it did.
Anyway, after repeated attempts I managed to install Combofix (which I did on my own initiative; sorry for that) and run it in safe mode; after clicking away another hundred or so of those windows saying "globalroot\systemroot\system32\........dll" is not a valid Windows file, the program managed to scan, found 4 things and repaired them.
The problem appears to be solved.

I strongly suspect I picked it up with Nik Software, a plug-in for Photoshop which I obtained in a not-so-kosher way.
The program is still in the plug-ins; it works, but I do have the strong impression that Photoshop now loads my photos a lot slower.
Apart from that, the PC now works entirely as desired.

Rosty
12 July 2009, 22:50
I strongly suspect I picked it up with Nik Software, a plug-in for Photoshop which I obtained in a not-so-kosher way.
The program is still in the plug-ins; it works, but I do have the strong impression that Photoshop now loads my photos a lot slower.
Apart from that, the PC now works entirely as desired.

Then remove that plug-in, do a full scan with an updated MBAM and post that log together with a new HijackThis log. Tommiiee will then analyse them for you.

monne
13 July 2009, 10:51
The problem with Photoshop is now solved (OpenGL was enabled); I disabled it and Photoshop works as it should, or at least as I wanted it to.

Herewith one more HijackThis log file, but I think there is no problem any more.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:19, on 13/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

--
End of file - 9844 bytes

Tommiiee
13 July 2009, 18:54
Hi Monne ;)

Right-click the HijackThis program and choose "Run as Administrator".
Choose 'Do a system scan only'.
Tick only the items in bold listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Apart from that your log is clean :)

Do read this prevention page (http://users.telenet.be/bluepatchy/miekiemoes/preventie.html) with info and tips on how to prevent this in the future.
And read this page (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html) to optimise your computer again after removing malware.

Extra note: make sure your programs are up to date, because older versions can contain security leaks. To find out which programs you need to update, run the Secunia Software Inspector scan (http://secunia.com/software_inspector/).

Also do the following:

Remove system restore points.
To prevent reinfection via System Restore, it is advisable to remove the existing system restore points by temporarily disabling System Restore.

Go to Start/All Programs/Accessories/System Tools/System Restore.
Click "System Protection" at the bottom.
Uncheck the box for "Local Disk".
Click "turn off System Restore".
Restart the PC.
Go again to Start/All Programs/Accessories/System Tools/System Restore.
Click "System Protection" again.
Tick the box for "Local Disk".
Click "Apply".
Click "OK".
A new clean restore point has now been created.

Kind regards,
Tom
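The helper's verdict above rests on reading the HijackThis log line by line: the one item to fix is a BHO whose CLSID is still registered but whose DLL is gone, while the "Unknown owner" services are merely worth a second look. The following triage script is an added example written for this page; it is not part of HijackThis, ComboFix or the helper's procedure. It parses the O2 (BHO), O4 (autostart) and O23 (service) line formats seen in the logs in this thread and flags orphaned BHO registrations, services without a recognised vendor, autostart commands given without a directory, and any entry that loads through a globalroot device path (the form the error dialogs in the thread used). The sample lines are constructed: the first six are modelled on entries from the logs above, and the last one is made up solely to exercise the globalroot check.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 format. The first six lines are modelled
# on entries in the thread; the last one is invented to exercise the globalroot
# check and does not come from any log on the page.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O4 - HKLM\..\Run: [ConstructedExample] \\?\globalroot\systemroot\system32\hjgruirciypike.dll
"""

# Line formats as HijackThis 2.0.2 prints them (name / CLSID / path etc. separated by " - ").
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<where>.*?): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # "O2", "O4" or "O23"
    severity: str  # "high", "review" or "info"
    reason: str
    line: str


def _first_token(cmd: str) -> str:
    """Return the executable part of an autostart command, with surrounding quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list:
    """Apply the triage rules to one log line; returns zero or more Findings."""
    findings = []
    if "globalroot" in line.lower():
        # A globalroot device path sidesteps the normal drive-letter view of the
        # file system; the thread's error dialogs named files this way.
        section = line.split(" ", 1)[0]
        findings.append(Finding(section, "high", "loads via a globalroot device path", line))
        return findings

    m = O2_RE.match(line)
    if m:
        if m.group("path").strip().lower() == "(no file)":
            findings.append(Finding("O2", "review",
                                    "orphaned BHO: CLSID %s is registered but its DLL is gone" % m.group("clsid"),
                                    line))
        return findings

    m = O4_RE.match(line)
    if m:
        exe = _first_token(m.group("cmd"))
        if "\\" not in exe and "%" not in exe:
            # Bare file name: Windows resolves it by search order, so confirm which binary runs.
            findings.append(Finding("O4", "info",
                                    "autostart '%s' gives no directory; confirm which binary actually runs" % exe,
                                    line))
        return findings

    m = O23_RE.match(line)
    if m and m.group("owner").strip().lower() == "unknown owner":
        findings.append(Finding("O23", "review",
                                "service '%s' has no recognised vendor; check the file's publisher" % m.group("name"),
                                line))
    return findings


def triage_log(text: str) -> list:
    """Run triage_line over every non-empty line of a log and collect the Findings."""
    out = []
    for raw in text.splitlines():
        if raw.strip():
            out.extend(triage_line(raw))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_HJT_LOG):
        print("[%s] %s: %s" % (f.severity, f.section, f.reason))
```

Run against the sample, the script reports the orphaned BHO and the unknown-owner service as items to review, the bare RtHDVCpl.exe autostart as informational (it is a legitimate Realtek entry here, but the rule cannot know that), and the constructed globalroot line as high. The "info" class is deliberately noisy: the point is to make the helper look, not to decide for them.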

monne
17 July 2009, 17:22
A few days later ... thank you very much.

Tommiiee
17 July 2009, 18:56
You're welcome ;)

Also do this:
Go to Start --> Run.
Type Combofix /u.
Combofix will now be uninstalled.

Kind regards,
Tom

monne
17 July 2009, 22:48
It was already uninstalled.
Hopefully I won't need to call on you again;
I will be a bit more careful in future with things I get or can get hold of.

Thanks again and have a nice weekend.

Tommiiee
18 July 2009, 10:38
Fine ;)