gidvnprs.dll

28 replies
  • I've had quite a few problems lately. Had to rebuild the computer several times, etc.

    Latest big problem: malware such as Vundo, ErrorSafe and downloader, which kept coming back but were detected by Norton. After using, among other things, Hitman Pro, my computer now seems to be free of this junk. At least they no longer show up.

    One small problem remains. At startup I get the message that the file gidvnprs.dll cannot be found and therefore cannot be started. I searched for the name of this file, but can't find it anywhere. I tried to remove it from the registry, both manually and with CCleaner, but it keeps coming back.

    Does anyone have an idea how I can solve this last little problem as well?

    Thanks in advance

    Peter
  • Take a look with startupcpl. http://www.mlin.net/StartupCPL.shtml
  • [quote]Take a look with startupcpl. http://www.mlin.net/StartupCPL.shtml[/quote]

    Thanks for the tip. Unfortunately this doesn't work. Almost immediately after I remove or disable the reference, it is back in there again.

    By the way, this is the reference in question:
    [quote]rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow[/quote]
  • Then something else is still active. I think it's best if you post a HijackThis log.
  • Here is the HijackThis log file. Suggestions are very welcome!

    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:23, on 8-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    C:\PROGRA~1\RVS\WCOM\SYSTEM\ADBSERV.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\RVSRmd.exe
    C:\Program Files\RVS\WCOM\SYSTEM\CCSRV.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petersantbergen.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ACAC634E-01B0-4355-82E4-3CF94474CE17} - C:\WINDOWS\system32\ddcca.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ilbqxqtj.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\RunOnce: [CommCenter] "C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NU.nl Nieuwslezer.lnk = H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    O23 - Service: RvscomSv - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • Wait for a specialist, but I think I can already see a Vundo infection here.
    http://www.spywaredata.com/spyware/malware/ddcca.dll.php
    I don't trust this one either: ilbqxqtj.dll
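
A triage pass over the O2/O4/O20 lines of the log above, as an added example that is not part of the original thread and not HijackThis's own logic. The sample lines are copied from the posted log; the three heuristics (unnamed BHO directly in system32, Run key launching a system32 DLL through rundll32, Winlogon Notify DLL that is already flagged) are assumptions chosen for this illustration, and a hit is only a lead for manual review.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ACAC634E-01B0-4355-82E4-3CF94474CE17} - C:\WINDOWS\system32\ddcca.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ilbqxqtj.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
DLL_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.dll)', re.IGNORECASE)


def parse(log):
    """Return (section code, rest of line) for every 'O<n> - ...' entry."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def dll_path(body):
    """Extract the first fully qualified .dll path from an entry, if any."""
    match = DLL_RE.search(body)
    return match.group(1) if match else None


def in_system32_root(path):
    """True when the file sits directly in a system32 directory."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def triage(log):
    """Map lowercase DLL name -> list of reasons it deserves a closer look."""
    findings = {}
    entries = parse(log)

    def add(path, reason):
        findings.setdefault(ntpath.basename(path).lower(), []).append(reason)

    # Pass 1: BHOs and Run keys that load a DLL straight out of system32.
    for code, body in entries:
        path = dll_path(body)
        if not path or not in_system32_root(path):
            continue
        if code == "O2" and body.startswith("BHO: (no name)"):
            add(path, "O2: unnamed BHO in system32")
        elif code == "O4" and "rundll32" in body.lower():
            add(path, "O4: Run key starts DLL via rundll32")

    # Pass 2: a Winlogon Notify DLL is only reported when pass 1 already
    # flagged the same file, so vendor notify DLLs are not listed.
    for code, body in entries:
        path = dll_path(body)
        if code == "O20" and path and ntpath.basename(path).lower() in findings:
            add(path, "O20: same DLL also loaded by Winlogon Notify")
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for reason in reasons:
            print("   ", reason)
```
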
  • Hello Peter,

    Vundo is indeed still active.
    Try this:
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a Y to start the cleaning process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • Thanks in advance for your reply.

    ComboFix 07-08-09.3 - "Peter Santbergen" 2007-08-09 16:34:08.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.348 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\accdd.bak1
    C:\WINDOWS\system32\accdd.bak2
    C:\WINDOWS\system32\accdd.ini
    C:\WINDOWS\system32\accdd.ini2
    C:\WINDOWS\system32\accdd.tmp
    C:\WINDOWS\system32\ilbqxqtj.dll
    C:\WINDOWS\system32\system
    C:\WINDOWS\system32\system\msxml4.dll
    C:\WINDOWS\system32\system\msxml4r.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


    2007-08-09 16:33 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-08 22:09 159,744 –a—— C:\WINDOWS\system32\hasher.dll
    2007-08-08 22:09 <DIR> d——– C:\Program Files\Trisnap Technologies
    2007-08-08 16:36 <DIR> dr-h—– C:\DOCUME~1\PETERS~1\Onlangs geopend
    2007-08-08 16:33 <DIR> d——– C:\Program Files\CCleaner
    2007-08-07 21:06 <DIR> d——– C:\DOCUME~1\PETERS~1\Phone Browser
    2007-08-07 17:24 22,080 –a—— C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-08-07 17:24 21,056 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-08-07 17:24 20,544 –a—— C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-08-07 17:24 144,960 –a—— C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-08-07 17:24 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-08-07 17:23 164 –a—— C:\install.dat
    2007-08-07 17:23 <DIR> d——– C:\Program Files\Webroot
    2007-08-07 17:23 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-08-07 17:23 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\Webroot
    2007-08-07 17:23 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-08-07 16:24 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2007-08-07 16:23 <DIR> d——– C:\Program Files\Hitman Pro
    2007-08-07 14:33 <DIR> d——– C:\WINDOWS\pss
    2007-08-06 21:34 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\Verzendmap van Share-to-Web
    2007-08-06 20:40 <DIR> d——– C:\Program Files\Windows Defender
    2007-08-06 17:23 574,508 –a—— C:\WINDOWS\system32\trdrwlub.exe
    2007-08-06 16:24 <DIR> dr-h—– C:\DOCUME~1\LOCALS~1\Onlangs geopend
    2007-08-06 16:23 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-07-30 12:17 <DIR> d——– C:\Program Files\MSXML 4.0
    2007-07-30 10:29 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-30 09:48 <DIR> d——– C:\Program Files\Lavasoft
    2007-07-30 09:48 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\Lavasoft
    2007-07-29 23:54 <DIR> d——– C:\Program Files\Microsoft Works
    2007-07-29 23:53 <DIR> d——– C:\WINDOWS\SHELLNEW
    2007-07-29 23:53 <DIR> d——– C:\Program Files\Microsoft.NET
    2007-07-29 21:07 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    2007-07-29 21:06 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-28 20:49 <DIR> d——– C:\DOCUME~1\PETERS~1\Contacts
    2007-07-28 20:47 <DIR> d——– C:\Program Files\MSN Messenger
    2007-07-28 17:42 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\Nokia Multimedia Player
    2007-07-28 17:39 4,194,304 –a—— C:\DOCUME~1\PETERS~1\ntuser.dat
    2007-07-28 17:39 1,310,720 –a—— C:\DOCUME~1\LOCALS~1\ntuser.dat
    2007-07-28 17:26 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\Nokia
    2007-07-28 17:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    2007-07-28 17:25 90,624 –a—— C:\WINDOWS\system32\nmwcdcls.dll
    2007-07-28 17:25 <DIR> d——– C:\Program Files\PC Connectivity Solution
    2007-07-28 17:25 <DIR> d——– C:\Program Files\Nokia
    2007-07-28 17:25 <DIR> d——– C:\Program Files\DIFX
    2007-07-28 17:25 <DIR> d——– C:\Program Files\Common Files\PCSuite
    2007-07-28 17:25 <DIR> d——– C:\Program Files\Common Files\Nokia
    2007-07-28 17:25 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\PC Suite
    2007-07-28 17:24 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    2007-07-28 17:23 8,192 –a–c— C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-07-28 17:23 8,192 –a—— C:\WINDOWS\system32\wshirda.dll
    2007-07-28 17:23 28,160 –a–c— C:\WINDOWS\system32\dllcache\irmon.dll
    2007-07-28 17:23 28,160 –a—— C:\WINDOWS\system32\irmon.dll
    2007-07-28 17:23 154,112 –a–c— C:\WINDOWS\system32\dllcache\irftp.exe
    2007-07-28 17:23 154,112 –a—— C:\WINDOWS\system32\irftp.exe
    2007-07-28 11:46 53,760 –a—— C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-07-27 12:08 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-27 12:08 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
    2007-07-27 12:01 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Verzendmap van Share-to-Web
    2007-07-27 12:01 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\TMF
    2007-07-27 12:01 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-07-27 12:01 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Nu.nl
    2007-07-27 12:01 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
    2007-07-27 11:16 1,048,576 –ah—– C:\DOCUME~1\ADMINI~1\ntuser.dat
    2007-07-27 11:16 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-07-27 11:16 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-07-27 11:16 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-07-27 11:16 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-07-27 11:16 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-07-27 11:16 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-07-27 11:16 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-07-26 18:50 <DIR> d——– C:\Program Files\UniPrint
    2007-07-26 18:45 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\ICAClient
    2007-07-26 18:44 <DIR> d——– C:\Program Files\Citrix
    2007-07-26 09:49 54,784 –a—— C:\WINDOWS\system32\INETWH32.DLL
    2007-07-26 09:49 37,136 –a—— C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-26 09:49 368,912 –a—— C:\WINDOWS\system32\VBAR332.DLL
    2007-07-26 09:49 251,664 –a—— C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-26 09:49 24,336 –a—— C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-26 09:49 233,472 –a—— C:\WINDOWS\system32\ILDA32.DLL
    2007-07-26 09:49 22,528 –a—— C:\WINDOWS\system32\WSC32.DLL
    2007-07-26 09:49 182,784 –a—— C:\WINDOWS\system32\DDAO35.DLL
    2007-07-26 09:49 17,408 –a—— C:\WINDOWS\system32\MIO32.DLL
    2007-07-26 09:49 1,045,776 –a—— C:\WINDOWS\system32\MSJET35.DLL
    2007-07-26 09:49 <DIR> d——– C:\Program Files\Davilex
    2007-07-26 09:49 <DIR> d——– C:\Program Files\Borland
    2007-07-26 09:45 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-26 09:30 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-26 08:43 208,896 –a—— C:\WINDOWS\system32\NVUNINST.EXE
    2007-07-26 08:41 750,080 –a—— C:\WINDOWS\system32\nusaver.scr
    2007-07-25 20:59 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\WinRAR
    2007-07-25 20:59 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\GrabIt
    2007-07-25 20:37 <DIR> d——– C:\Program Files\Common Files\Macrovision Shared
    2007-07-25 20:37 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-25 19:43 <DIR> d——– C:\DOCUME~1\PETERS~1\APPLIC~1\Ahead
    2007-07-25 19:42 <DIR> d——– C:\Program Files\Nero
    2007-07-25 19:42 <DIR> d——– C:\Program Files\Common Files\Ahead
    2007-07-25 19:11 <DIR> d——– C:\Program Files\FTDv3.7.3
    2007-07-25 18:56 <DIR> d——– C:\WINDOWS\A5W_DATA
    2007-07-25 17:56 <DIR> d——– C:\Program Files\Palm Inc
    2007-07-25 17:40 <DIR> d——– C:\Program Files\Documents To Go


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 21:01 90206 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-08-07 21:01 506504 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-07-25 10:14 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-07-25 10:14 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-07-25 10:14 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2007-07-03 18:43 132904 –a—— C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-07-03 18:43 11304 –a—— C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-06-27 19:05 972072 –a—— C:\WINDOWS\UNNeroMediaHome.exe
    2007-06-26 14:12 972072 –a—— C:\WINDOWS\UNNeroVision.exe
    2007-06-08 08:11 831048 –a—— C:\WINDOWS\system32\WudfUpdate_01005.dll
    2007-05-16 17:19 86528 —–c— C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 17:19 85504 —–c— C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 17:19 683520 —–c— C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 17:19 510976 —–c— C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 17:19 1314816 —–c— C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-16 09:18 95864 –a—— C:\WINDOWS\system32\NeroCo.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAC634E-01B0-4355-82E4-3CF94474CE17}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-04-01 02:46]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-11 04:15]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-13 22:39 C:\WINDOWS\SOUNDMAN.EXE]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-03-03 16:49]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
    "UniPrint"="C:\Program Files\UniPrint\Client\SetDfltSettings.exe" [2006-08-23 17:26]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NWEReboot"="" []
    "MemoryManager"="C:\WINDOWS\system32\gidvnprs.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 12:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "CommCenter"="C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Peter Santbergen\Menu Start\Programma's\Opstarten\
    HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-25 10:14:04]
    NU.nl Nieuwslezer.lnk - H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe [2006-11-10 12:30:02]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-07-25 10:05:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
    R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
    R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
    R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
    R2 rvsport;RVS Virtual COM Port;C:\WINDOWS\system32\drivers\rvsport.sys
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
    R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
    S3 BTHMODEM;Communicatiestuurprogramma voor Bluetooth-modem;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    S3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    S3 RvscomSv;RvscomSv;C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbd6ad6-3b4a-11dc-89d9-487444737531}]
    AutoRun\command- setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-09 07:38:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
    2007-08-07 22:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job
    2007-08-09 07:50:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBF09104-3509-4B8B-8679-0A6355097348}.job - C:\WINDOWS\system32\msfeedssync.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-09 16:37:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-09 16:39:20 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-09 16:39

    — E O F —

    Logfile of HijackThis v1.99.1
    Scan saved at 16:41:38, on 9-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    C:\PROGRA~1\RVS\WCOM\SYSTEM\ADBSERV.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\RVSRmd.exe
    C:\Program Files\RVS\WCOM\SYSTEM\CCSRV.EXE
    C:\WINDOWS\system32\wuauclt.exe
    H:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petersantbergen.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ACAC634E-01B0-4355-82E4-3CF94474CE17} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\RunOnce: [CommCenter] "C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NU.nl Nieuwslezer.lnk = H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ddcca - C:\WINDOWS\
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    O23 - Service: RvscomSv - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • Close all open windows.
    Start HijackThis again and tick the following items:

    O2 - BHO: (no name) - {ACAC634E-01B0-4355-82E4-3CF94474CE17} - (no file)
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
    O20 - Winlogon Notify: ddcca - C:\WINDOWS\

    Then click "Fix checked" and close HijackThis.

    After that, do the following:
    Cleaning up cookies and temporary internet files:
    Close all open Internet Explorer windows.
    Go to Start, click "Control Panel" and double-click "Internet Options".
    The "Internet Properties" window will open.
    Go to the "General" tab.
    Under "Browsing history", click the "Delete" button.
    A new window will open: Delete Browsing History.
    At the bottom, click the "Delete all" button. In the window that opens, tick "Also delete files and settings stored by add-ons".
    Click Yes.
    This removes the temporary internet files, the cookies, the browsing history, the saved information you entered in forms, and the saved passwords that are filled in automatically when you log in to a website you have visited before.
    If you would rather not delete these last two (form data and passwords), do not click "Delete all" but only these:
    - under Temporary Internet Files, click Delete files.
    - under Cookies, click Delete cookies.
    - under History, click Delete history.

    Also block the indirect or third-party cookies:
    On the Privacy tab, click the Advanced button.
    Tick "Override automatic cookie handling".
    Under First-party cookies, make sure "Accept" is selected.
    Under Third-party cookies, choose "Block".
    Click OK.
    When this is done, close the "Internet Properties" window.

    Cleaning up other temporary folders and emptying the Recycle Bin:
    Close all open windows.
    Go to Start, choose Run and type: cleanmgr
    Then press OK and Disk Cleanup will start.
    If you have several partitions, choose the partition on which Windows is installed.
    Now let your system be scanned for files that can be removed.
    When the overview appears, make sure only the following items are ticked:
    - Temporary Internet Files
    - Recycle Bin
    - Temporary files
    Then click OK.


    Download Dr. Web CureIt.
    Place it on your desktop.
    - Double-click drweb-cureit.exe and allow the program to start the express scan. This is only a short scan that checks the files currently loaded in memory. If something is found, you will be asked 'cure it?'. Then click the 'Yes to all' button.
    - Click the 'Select drives' button and make sure all drives are selected for scanning. The drives that will be scanned are marked with a red dot.
    - On the right-hand side, click the large button with the green arrow to start the scan.
    - When an infected file is found, you will be asked either 'Cure It?' or 'Move?'. In both cases, click the 'Yes to all' button.
    - When the scan is finished, check whether you can click the following icon. It is in the bottom half of the program window, to the left of the list (pane) of infected files. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
    - If you can click it, click it, then click the icon just below it and choose Move incurable. (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
      This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected.
    - In the File menu of Dr. Web CureIt, choose 'Save Report List' and save the log to your desktop.
    - Close Dr. Web CureIt.
    - Restart the computer and post the log.
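The three entries ticked in the post above are all autostart references whose target is missing or incomplete. As an added example (not part of the original post and not HijackThis's own logic), the following Python code lists such dangling references in a HijackThis log for review; the `Finding` type, the function name and the `file_exists` callback are assumptions of this example, and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import os
import re
from typing import Callable, List, NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ACAC634E-01B0-4355-82E4-3CF94474CE17} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
O20 - Winlogon Notify: ddcca - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry deserves a closer look
    entry: str    # the log line as posted


ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
# rundll32.exe "<dll>",<export>  (quotes optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,', re.IGNORECASE)
NOTIFY_RE = re.compile(r"^Winlogon Notify: .+? - (?P<path>.*)$")
# Markers HijackThis itself appends when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def find_dangling_entries(
    log_text: str,
    file_exists: Callable[[str], bool] = os.path.exists,
) -> List[Finding]:
    """Return autostart entries whose target is missing or incomplete.

    These are items to review, not verdicts: a dangling entry can be a
    harmless leftover of an uninstalled program as well as the remains of
    removed malware. `file_exists` defaults to the local filesystem, so the
    default is only meaningful when run on the machine the log came from.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, rest = match.groups()

        if MISSING_RE.search(rest):
            findings.append(
                Finding(section, "HijackThis reports the target file as missing", line))
            continue

        if section == "O4":
            run = RUN_RE.match(rest)
            dll = RUNDLL_RE.match(run.group("cmd")) if run else None
            # Only absolute DLL paths can be checked; bare names such as
            # bthprops.cpl are resolved through the Windows search path.
            if dll and ntpath.isabs(dll.group("dll")) and not file_exists(dll.group("dll")):
                findings.append(
                    Finding(section, "Run value starts rundll32 with a DLL that is not on disk", line))

        elif section == "O20":
            notify = NOTIFY_RE.match(rest)
            if notify:
                file_name = ntpath.basename(notify.group("path"))
                if not ntpath.splitext(file_name)[1]:
                    findings.append(
                        Finding(section, "Winlogon Notify entry names a folder, not a DLL", line))
    return findings


if __name__ == "__main__":
    # Treat every checked path as absent, as on the machine in this thread,
    # where Windows reports gidvnprs.dll as not found at startup.
    for finding in find_dangling_entries(SAMPLE_LOG, file_exists=lambda path: False):
        print(f"{finding.section}: {finding.reason}\n    {finding.entry}")
```

A Run value that comes back after deletion, as described earlier in the thread, will keep appearing in this list on every new log until whatever rewrites it is removed.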
  • Here is the requested log:

    C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modificatie van VBS.Petik
    C:\Program Files\Microsoft Office\OFFICE11\1043 Archief bevat geinfecteerde objecten Verplaatst.
    C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Verwijderd.
    C:\System Volume Information\_restore{1AA73300-E877-43CF-8FED-56F7176C9589}\RP2 Trojan.Virtumod Verwijderd.


    By the way, at startup I still get the message that the file gidvnprs.dll is missing.

    Regards

    Peter
  • Make a new HijackThis log and a new log with ComboFix.
    Post both logs.
  • Here are the requested logs:

    ComboFix 07-08-09.3 - "Peter Santbergen" 2007-08-09 22:07:39.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.487 [GMT 2:00]


    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


    2007-08-09 17:46 <DIR> d-------- C:\DOCUME~1\PETERS~1\DoctorWeb
    2007-08-09 16:33 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-08 22:09 159,744 --a------ C:\WINDOWS\system32\hasher.dll
    2007-08-08 22:09 <DIR> d-------- C:\Program Files\Trisnap Technologies
    2007-08-08 16:36 <DIR> dr-h----- C:\DOCUME~1\PETERS~1\Onlangs geopend
    2007-08-08 16:33 <DIR> d-------- C:\Program Files\CCleaner
    2007-08-07 21:06 <DIR> d-------- C:\DOCUME~1\PETERS~1\Phone Browser
    2007-08-07 17:24 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-08-07 17:24 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-08-07 17:24 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-08-07 17:24 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-08-07 17:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-08-07 17:23 164 --a------ C:\install.dat
    2007-08-07 17:23 <DIR> d-------- C:\Program Files\Webroot
    2007-08-07 17:23 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-08-07 17:23 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\Webroot
    2007-08-07 17:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-08-07 16:24 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2007-08-07 16:23 <DIR> d-------- C:\Program Files\Hitman Pro
    2007-08-07 14:33 <DIR> d-------- C:\WINDOWS\pss
    2007-08-06 21:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Verzendmap van Share-to-Web
    2007-08-06 20:40 <DIR> d-------- C:\Program Files\Windows Defender
    2007-08-06 17:23 574,508 --a------ C:\WINDOWS\system32\trdrwlub.exe
    2007-08-06 16:24 <DIR> dr-h----- C:\DOCUME~1\LOCALS~1\Onlangs geopend
    2007-08-06 16:23 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-07-30 12:17 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-07-30 10:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-30 09:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-30 09:48 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\Lavasoft
    2007-07-29 23:54 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-07-29 23:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-07-29 23:53 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-07-29 21:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    2007-07-29 21:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-07-28 20:49 <DIR> d-------- C:\DOCUME~1\PETERS~1\Contacts
    2007-07-28 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-28 17:42 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\Nokia Multimedia Player
    2007-07-28 17:39 4,194,304 --a------ C:\DOCUME~1\PETERS~1\ntuser.dat
    2007-07-28 17:39 1,310,720 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
    2007-07-28 17:26 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\Nokia
    2007-07-28 17:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    2007-07-28 17:25 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-07-28 17:25 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2007-07-28 17:25 <DIR> d-------- C:\Program Files\Nokia
    2007-07-28 17:25 <DIR> d-------- C:\Program Files\DIFX
    2007-07-28 17:25 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2007-07-28 17:25 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2007-07-28 17:25 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\PC Suite
    2007-07-28 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    2007-07-28 17:23 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-07-28 17:23 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-07-28 17:23 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
    2007-07-28 17:23 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2007-07-28 17:23 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2007-07-28 17:23 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2007-07-28 11:46 53,760 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-07-27 12:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-27 12:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
    2007-07-27 12:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Verzendmap van Share-to-Web
    2007-07-27 12:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TMF
    2007-07-27 12:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-07-27 12:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Nu.nl
    2007-07-27 12:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
    2007-07-27 11:16 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
    2007-07-27 11:16 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-07-27 11:16 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-07-27 11:16 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-07-27 11:16 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-07-27 11:16 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-07-27 11:16 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-07-27 11:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-07-26 18:50 <DIR> d-------- C:\Program Files\UniPrint
    2007-07-26 18:45 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\ICAClient
    2007-07-26 18:44 <DIR> d-------- C:\Program Files\Citrix
    2007-07-26 09:49 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
    2007-07-26 09:49 37,136 --a------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-26 09:49 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-07-26 09:49 251,664 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-26 09:49 24,336 --a------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-26 09:49 233,472 --a------ C:\WINDOWS\system32\ILDA32.DLL
    2007-07-26 09:49 22,528 --a------ C:\WINDOWS\system32\WSC32.DLL
    2007-07-26 09:49 182,784 --a------ C:\WINDOWS\system32\DDAO35.DLL
    2007-07-26 09:49 17,408 --a------ C:\WINDOWS\system32\MIO32.DLL
    2007-07-26 09:49 1,045,776 --a------ C:\WINDOWS\system32\MSJET35.DLL
    2007-07-26 09:49 <DIR> d-------- C:\Program Files\Davilex
    2007-07-26 09:49 <DIR> d-------- C:\Program Files\Borland
    2007-07-26 09:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-26 09:30 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-26 08:43 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-07-26 08:41 750,080 --a------ C:\WINDOWS\system32\nusaver.scr
    2007-07-25 20:59 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\WinRAR
    2007-07-25 20:59 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\GrabIt
    2007-07-25 20:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-25 20:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2007-07-25 19:43 <DIR> d-------- C:\DOCUME~1\PETERS~1\APPLIC~1\Ahead
    2007-07-25 19:42 <DIR> d-------- C:\Program Files\Nero
    2007-07-25 19:42 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-07-25 19:11 <DIR> d-------- C:\Program Files\FTDv3.7.3
    2007-07-25 18:56 <DIR> d-------- C:\WINDOWS\A5W_DATA
    2007-07-25 17:56 <DIR> d-------- C:\Program Files\Palm Inc


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 21:01 90206 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-08-07 21:01 506504 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-07-25 10:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-07-25 10:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-07-25 10:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2007-07-03 18:43 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-07-03 18:43 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
    2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
    2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
    2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-16 09:18 95864 --a------ C:\WINDOWS\system32\NeroCo.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-04-01 02:46]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-11 04:15]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-13 22:39 C:\WINDOWS\SOUNDMAN.EXE]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-03-03 16:49]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
    "UniPrint"="C:\Program Files\UniPrint\Client\SetDfltSettings.exe" [2006-08-23 17:26]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NWEReboot"="" []
    "MemoryManager"="C:\WINDOWS\system32\gidvnprs.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 12:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "CommCenter"="C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Peter Santbergen\Menu Start\Programma's\Opstarten\
    HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-25 10:14:04]
    NU.nl Nieuwslezer.lnk - H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe [2006-11-10 12:30:02]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-07-25 10:05:55]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
    R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
    R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
    R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
    R2 rvsport;RVS Virtual COM Port;C:\WINDOWS\system32\drivers\rvsport.sys
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
    R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
    S3 BTHMODEM;Communicatiestuurprogramma voor Bluetooth-modem;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    S3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    S3 RvscomSv;RvscomSv;C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbd6ad6-3b4a-11dc-89d9-487444737531}]
    AutoRun\command- setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-09 18:03:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-08-07 22:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job
    2007-08-09 07:50:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBF09104-3509-4B8B-8679-0A6355097348}.job - C:\WINDOWS\system32\msfeedssync.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-09 22:08:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-09 22:09:57
    C:\ComboFix-quarantined-files.txt ... 2007-08-09 22:09
    C:\ComboFix2.txt ... 2007-08-09 16:39

    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 22:10:51, on 9-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\RVS\WCOM\SYSTEM\ADBSERV.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\RVSRmd.exe
    C:\Program Files\RVS\WCOM\SYSTEM\CCSRV.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    H:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petersantbergen.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\RunOnce: [CommCenter] "C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NU.nl Nieuwslezer.lnk = H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    O23 - Service: RvscomSv - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • This one is still there:
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
  • I was on holiday for a week! Hence this late reply.

    [quote:d5b91f33ca]This one is still there:
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow[/quote:d5b91f33ca]

    I cannot get rid of this line in any way. It comes back immediately. I have tried, among other things, HijackThis, CCleaner, ComboFix and simply deleting it from the registry. Immediately after I delete the line, it is back again.
  • Try it in safe mode.
    Restart the computer and then make a new HijackThis log. Post that log.
  • It now seems to be gone, after trying it in safe mode.

    Attached is the HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:23:44, on 17-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    H:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petersantbergen.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\RunOnce: [CommCenter] "C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NU.nl Nieuwslezer.lnk = H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    O23 - Service: RvscomSv - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • This log was made in safe mode.
    I suspect that Ad-Watch is blocking the changes.
    If the key reappears after a reboot into normal Windows mode, first disable Ad-Watch. Then fix the key.
  • On the first boot in normal mode I get no message. Restarting once more produces a message again.
    After that I also tried fixing it without Ad-Watch running. This gives the same result. First boot: no message. After that, there it is again!
  • Please make a new HijackThis log and post it.
  • It seems to me that Ad-Watch is the cause. When I disable Ad-Watch, I manage to remove gidvnprs.dll and it does not return after a restart either. However, as soon as I start Ad-Watch again, the trouble starts all over again. (Ad-Watch is configured so that it does not start together with Windows.)

    Here, as requested, is another HijackThis log. I made it after I had removed the message and with Ad-Watch disabled.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:50:12, on 18-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\RVS\WCOM\SYSTEM\ADBSERV.EXE
    C:\Program Files\RVS\WCOM\SYSTEM\RVSRmd.exe
    C:\Program Files\RVS\WCOM\SYSTEM\CCSRV.EXE
    C:\WINDOWS\system32\wuauclt.exe
    H:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petersantbergen.tk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [CommCenter] "C:\Program Files\RVS\WCOM\SYSTEM\ccui.exe"
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NU.nl Nieuwslezer.lnk = H:\Programma's\NU.nl Nieuwslezer\nunwslzr.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RVS CommCenter (RvsCC) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
    O23 - Service: RvscomSv - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
    O23 - Service: RVS Installer (RVSINST) - Living Byte Software GmbH, Munchen - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
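
Added example, not part of the thread and not HijackThis code: comparing successive HijackThis logs by hand is how the returning `MemoryManager` value was tracked here, and the sketch below does the same comparison on the O4 registry autorun lines, reporting entries that were removed and then came back and resolving the DLL and export behind any `rundll32` launcher. The function names are assumptions, and the three snapshots are constructed from entry lines quoted in the thread to mirror the remove-and-return sequence the poster describes.

```python
import re

# HijackThis prints registry autoruns as: O4 - HKLM\..\Run: [Name] command line
O4_REG = re.compile(
    r"^\s*O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)\s*$"
)
# rundll32 command line: optional path and quotes, then <dll>,<export>
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+)\s*,(?P<export>.*)$',
    re.IGNORECASE,
)

# Constructed snapshots built from lines quoted in the thread:
# before the fix, right after the fix, and after a later reboot.
SNAP_BEFORE = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gidvnprs.dll",sitypnow
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
"""
SNAP_FIXED = "\n".join(
    line for line in SNAP_BEFORE.splitlines() if "[MemoryManager]" not in line
)
SNAP_REBOOT = SNAP_BEFORE


def parse_o4(log_text):
    """Return {(hive, key, name): command} for every O4 registry autorun line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_REG.match(line)
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def rundll_target(cmd):
    """If cmd launches a DLL through rundll32, return (dll, export), else None."""
    m = RUNDLL.match(cmd)
    if not m:
        return None
    return m["dll"].strip('"'), m["export"].lstrip(", ")


def reappearing(snapshots):
    """Entries that are present, then absent, then present again (oldest log first)."""
    parsed = [parse_o4(s) for s in snapshots]
    hits = []
    for key in sorted(set().union(*parsed)):
        seen = gone = False
        for entries in parsed:
            if key in entries:
                if gone:            # was removed earlier and is back
                    hits.append(key)
                    break
                seen = True
            elif seen:
                gone = True
    return hits


def triage(snapshots):
    """Describe each reappearing entry, including the rundll32 target if any."""
    parsed = [parse_o4(s) for s in snapshots]
    report = []
    for key in reappearing(snapshots):
        cmd = next(p[key] for p in reversed(parsed) if key in p)
        report.append({"entry": key, "command": cmd, "rundll32": rundll_target(cmd)})
    return report


if __name__ == "__main__":
    for item in triage([SNAP_BEFORE, SNAP_FIXED, SNAP_REBOOT]):
        print(item)
```

An entry that shows up in this report is being rewritten by something still running, so the useful next step is to find that writer rather than to delete the value again.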

This is an archived page. Replies are no longer possible.