gzmrotate.dll

juisterr
13 replies
  • After some googling and reading a number of threads on various forums, it has become clear to me that I have 'spyware' on my PC.

    It concerns the following message, which has been appearing for a few days whenever I start my PC:

    "cannot run C:\WINDOWS\system32\gzmrotate.dll"

    However, I'm not very experienced at removing this, so I hope one of you can help me with it.

    Greetz Bart
  • Please post a HijackThis log.
  • I downloaded HijackThis, and after scanning the following file appeared:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:52:34, on 22-9-2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'anne')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1001\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User 'anne')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1001\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (User 'anne')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'jill')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1002\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0 (User 'jill')
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'annely')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 12295 bytes


  • Hi, I don't see it in the log.

    Please switch off Spybot's TeaTimer for now, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer
  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKUS\S-1-5-21-762539904-387184959-3005005315-1001\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User 'anne')

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post at the end of the fix.

    Please also post a new HijackThis log.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
  • Carried out everything as described above.
    My ComboFix txt log looks like this:

    ComboFix 07-09-21.2 - "Bart" 2007-09-22 21:51:37.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.325 [GMT 2:00]
    De uitvoeringstijd is overschreden voor script C:\ComboFix\restore_pt.vbs.
    De uitvoering van het script is beëindigd.
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-22 to 2007-09-22 ))))))))))))))))))))))))))))))
    .

    2007-09-22 21:49 51,200 --a------ C:\Windows\NirCmd.exe
    2007-09-20 21:21 <DIR> d-------- C:\Users\ALLUSE~1\Lavasoft
    2007-09-20 21:21 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-20 21:21 <DIR> d-------- C:\PROGRA~2\Lavasoft
    2007-09-20 21:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-20 20:46 <DIR> d-------- C:\Users\Bart\AppData\Roaming\.BitTornado
    2007-09-20 20:23 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-20 19:35 <DIR> d-------- C:\Users\ALLUSE~1\Spybot - Search & Destroy
    2007-09-20 19:35 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
    2007-09-18 14:43 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
    2007-09-18 14:43 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 --a------ C:\Windows\System32\drivers\srtsp.sys
    2007-09-18 10:27 <DIR> d-------- C:\Users\ALLUSE~1\Ulead Systems
    2007-09-18 10:27 <DIR> d-------- C:\PROGRA~2\Ulead Systems
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000028.DLL
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000023.DLL
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000022.DLL
    2007-09-16 20:26 44,544 --a------ C:\Windows\System32\msxml4a.dll
    2007-09-16 20:24 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
    2007-09-16 20:23 85,504 --a------ C:\Windows\System32\HtmlWH.dll
    2007-09-16 20:23 634,880 --a------ C:\Windows\System32\mgxoschk.dll
    2007-09-16 20:23 49,152 --------- C:\Windows\System32\INETWH32.dll
    2007-09-16 20:23 1,089,536 --a------ C:\Windows\System32\ROBOEX32.DLL
    2007-09-16 20:23 <DIR> d-------- C:\Windows\System32\MAGIX
    2007-09-16 20:23 <DIR> d-------- C:\MAGIX
    2007-09-14 20:28 <DIR> d-------- C:\Users\Bart\AppData\Roaming\DivX
    2007-09-14 20:26 <DIR> d-------- C:\Program Files\DivX
    2007-09-12 21:54 <DIR> d-------- C:\Program Files\iPod
    2007-09-12 21:53 <DIR> d-------- C:\Program Files\iTunes
    2007-09-12 21:49 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-09-03 17:45 <DIR> d-------- C:\Users\jill\AppData\Roaming\AdobeUM
    2007-08-30 10:00 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
    2007-08-29 15:37 <DIR> d-------- C:\Users\Bart\Res
    2007-08-25 00:54 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2007-08-25 00:54 7,680 --a------ C:\Windows\System32\spwmp.dll
    2007-08-25 00:54 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2007-08-25 00:53 2,048 --a------ C:\Windows\System32\msxml3r.dll
    2007-08-25 00:53 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2007-08-25 00:52 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2007-08-25 00:52 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2007-08-24 21:52 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
    2007-08-24 21:51 53,080 --a------ C:\Windows\System32\wuauclt.exe
    2007-08-24 21:51 43,352 --a------ C:\Windows\System32\wups2.dll
    2007-08-24 21:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2007-08-24 21:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2007-08-24 21:50 80,896 --a------ C:\Windows\System32\wudriver.dll
    2007-08-24 21:50 549,720 --a------ C:\Windows\System32\wuapi.dll
    2007-08-24 21:50 33,624 --a------ C:\Windows\System32\wups.dll
    2007-08-24 21:49 31,232 --a------ C:\Windows\System32\wuapp.exe
    2007-08-24 21:49 163,000 --a------ C:\Windows\System32\wuwebv.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-21 08:14 --------- d-------- C:\PROGRA~2\Symantec
    2007-09-20 21:05 805 --a------ C:\Windows\system32\drivers\SYMEVENT.INF
    2007-09-20 21:05 123952 --a------ C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-09-20 21:05 10676 --a------ C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-09-20 21:05 --------- d-------- C:\Program Files\Symantec
    2007-09-20 20:46 --------- d-------- C:\Users\Bart\AppData\Roaming\.BitTornado
    2007-09-20 15:21 --------- d-------- C:\Users\Bart\AppData\Roaming\LimeWire
    2007-09-19 10:25 --------- d-------- C:\Program Files\Common Files\PX Storage Engine
    2007-09-19 10:25 --------- d-------- C:\Program Files\Common Files\LogiShrd
    2007-09-19 10:24 --------- d-------- C:\Program Files\Windows Mail
    2007-09-19 10:24 --------- d-------- C:\Program Files\Disk Cleaner
    2007-09-19 10:24 --------- d-------- C:\PROGRA~2\LogiShrd
    2007-09-18 14:44 1430 --a------ C:\Windows\system32\drivers\srtspl.inf
    2007-09-18 14:44 1421 --a------ C:\Windows\system32\drivers\srtspx.inf
    2007-09-18 14:44 1415 --a------ C:\Windows\system32\drivers\srtsp.inf
    2007-09-18 14:44 10662 --a------ C:\Windows\system32\drivers\srtspx.cat
    2007-09-18 14:44 10662 --a------ C:\Windows\system32\drivers\srtspl.cat
    2007-09-18 14:44 10658 --a------ C:\Windows\system32\drivers\srtsp.cat
    2007-09-18 10:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-16 20:24 4608 --a------ C:\Windows\System32\w95inf32.dll
    2007-09-08 09:42 --------- d-------- C:\Users\anne\AppData\Roaming\LimeWire
    2007-09-06 20:30 --------- d-------- C:\Program Files\Logitech
    2007-09-03 20:54 --------- d-------- C:\Program Files\Norton 360
    2007-08-31 13:52 174 --ahs---- C:\Program Files\desktop.ini
    2007-08-30 09:59 88576 --a------ C:\Windows\System32\avifil32.dll
    2007-08-30 09:59 82944 --a------ C:\Windows\System32\mciavi32.dll
    2007-08-30 09:59 8138240 --a------ C:\Windows\System32\ssBranded.scr
    2007-08-30 09:59 712192 --a------ C:\Windows\System32\WindowsCodecs.dll
    2007-08-30 09:59 69632 --a------ C:\Windows\System32\sendmail.dll
    2007-08-30 09:59 65024 --a------ C:\Windows\System32\avicap32.dll
    2007-08-30 09:59 61440 --a------ C:\Windows\System32\ntprint.exe
    2007-08-30 09:59 3504824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-08-30 09:59 3470008 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-08-30 09:59 31232 --a------ C:\Windows\System32\msvidc32.dll
    2007-08-30 09:59 269824 --a------ C:\Windows\System32\schannel.dll
    2007-08-30 09:59 220160 --a------ C:\Windows\System32\ntprint.dll
    2007-08-30 09:59 1984512 --a------ C:\Windows\System32\authui.dll
    2007-08-30 09:59 12800 --a------ C:\Windows\System32\msrle32.dll
    2007-08-30 09:59 123904 --a------ C:\Windows\System32\msvfw32.dll
    2007-08-30 09:59 120320 --a------ C:\Windows\System32\dhcpcsvc6.dll
    2007-08-30 09:59 10240 --a------ C:\Windows\System32\dhcpcmonitor.dll
    2007-08-29 15:12 --------- d-------- C:\Program Files\Windows Calendar
    2007-08-29 15:08 8192 --a------ C:\Windows\System32\riched32.dll
    2007-08-29 15:08 77824 --a------ C:\Windows\System32\rascfg.dll
    2007-08-29 15:08 750080 --a------ C:\Windows\System32\qmgr.dll
    2007-08-29 15:08 70144 --a------ C:\Windows\system32\drivers\pacer.sys
    2007-08-29 15:08 694784 --a------ C:\Windows\System32\localspl.dll
    2007-08-29 15:08 61952 --a------ C:\Windows\system32\drivers\wanarp.sys
    2007-08-29 15:08 619008 --a------ C:\Windows\system32\drivers\dxgkrnl.sys
    2007-08-29 15:08 52736 --a------ C:\Windows\System32\rasdiag.dll
    2007-08-29 15:08 48640 --a------ C:\Windows\system32\drivers\ndproxy.sys
    2007-08-29 15:08 384000 --a------ C:\Windows\System32\netcfgx.dll
    2007-08-29 15:08 36864 --a------ C:\Windows\System32\cdd.dll
    2007-08-29 15:08 33280 --a------ C:\Windows\System32\traffic.dll
    2007-08-29 15:08 32768 --a------ C:\Windows\System32\rasmxs.dll
    2007-08-29 15:08 286208 --a------ C:\Windows\System32\ipnathlp.dll
    2007-08-29 15:08 22016 --a------ C:\Windows\System32\rasser.dll
    2007-08-29 15:08 20480 --a------ C:\Windows\system32\drivers\ndistapi.sys
    2007-08-29 15:08 15360 --a------ C:\Windows\System32\pacerprf.dll
    2007-08-29 15:08 13824 --a------ C:\Windows\System32\wshqos.dll
    2007-08-29 15:08 13824 --a------ C:\Windows\System32\icsunattend.exe
    2007-08-29 15:08 134656 --a------ C:\Windows\System32\dps.dll
    2007-08-29 14:50 --------- d-------- C:\Program Files\Sony
    2007-08-25 00:51 56320 --a------ C:\Windows\System32\iesetup.dll
    2007-08-25 00:51 52736 --a------ C:\Windows\AppPatch\iebrshim.dll
    2007-08-25 00:51 26624 --a------ C:\Windows\System32\ieUnatt.exe
    2007-08-21 02:26 81920 --a------ C:\Windows\System32\dpl100.dll
    2007-08-21 02:26 196608 --a------ C:\Windows\System32\dtu100.dll
    2007-08-16 00:33 524288 --a------ C:\Windows\System32\DivXsm.exe
    2007-08-16 00:33 3596288 --a------ C:\Windows\System32\qt-dx331.dll
    2007-08-16 00:33 200704 --a------ C:\Windows\System32\ssldivx.dll
    2007-08-16 00:33 144704 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2007-08-16 00:33 129784 --------- C:\Windows\System32\PxAFS.DLL
    2007-08-16 00:33 120056 --------- C:\Windows\System32\pxcpyi64.exe
    2007-08-16 00:33 118520 --------- C:\Windows\System32\pxinsi64.exe
    2007-08-16 00:33 1044480 --a------ C:\Windows\System32\libdivx.dll
    2007-08-16 00:31 593920 --a------ C:\Windows\System32\dpuGUI11.dll
    2007-08-16 00:31 57344 --a------ C:\Windows\System32\dpv11.dll
    2007-08-16 00:31 53248 --a------ C:\Windows\System32\dpuGUI10.dll
    2007-08-16 00:31 344064 --a------ C:\Windows\System32\dpus11.dll
    2007-08-16 00:31 294912 --a------ C:\Windows\System32\dpu11.dll
    2007-08-16 00:31 294912 --a------ C:\Windows\System32\dpu10.dll
    2007-08-16 00:30 823296 --a------ C:\Windows\System32\divx_xx0c.dll
    2007-08-16 00:30 823296 --a------ C:\Windows\System32\divx_xx07.dll
    2007-08-16 00:30 802816 --a------ C:\Windows\System32\divx_xx11.dll
    2007-08-16 00:30 740442 --a------ C:\Windows\System32\DivX.dll
    2007-08-16 00:30 12288 --a------ C:\Windows\System32\DivXWMPExtType.dll
    2007-08-10 16:51 --------- d-------- C:\Users\anne\AppData\Roaming\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\Users\Bart\AppData\Roaming\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\PROGRA~2\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\PROGRA~2\SonicStage
    2007-08-10 11:26 --------- d-------- C:\Program Files\Common Files\Sony Shared
    2007-08-10 10:54 --------- d-------- C:\Program Files\directx
    2007-08-09 12:47 --------- d-------- C:\Program Files\MSECache
    2007-08-08 16:00 --------- d-------- C:\Users\anne\AppData\Roaming\Nikon
    2007-08-07 13:58 8320 --a------ C:\Windows\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\Windows\system32\drivers\NSDriver.sys
    2007-08-06 23:40 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-06 09:25 --------- d-------- C:\PROGRA~2\Logitech
    2007-08-01 21:41 --------- d-------- C:\Program Files\Pixia
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-30 13:17]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 13:39]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 C:\Windows\RtHDVCpl.exe]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-30 15:27]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-30 15:27]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-30 15:27]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
    "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
    "RegistryMechanic"="" []
    "hid_start"="C:\Windows\system32\gzmrotate.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-06 09:10:12]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-18 13:36:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070921.001\IDSvix86.sys
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-22 21:55:12
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-22 21:57:00
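
An added example, not part of the original thread and not ComboFix's own code: a small triage pass over the "Reg Opstartpunten" section of a pasted ComboFix log that singles out Run values such as `hid_start`, whose target is a DLL with an empty `[]` where other entries carry a file timestamp. The function names are hypothetical, the sample lines are constructed in the layout of the log above, and the reading of empty brackets as "no file found at that path" is an assumption.

```python
import re

# Constructed sample in the layout of the "Reg Opstartpunten" section above:
# "value name"="command" [timestamp of the target file].
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 C:\Windows\RtHDVCpl.exe]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"RegistryMechanic"="" []
"hid_start"="C:\Windows\system32\gzmrotate.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>.*)"\s+\[(?P<stamp>[^\]]*)\]$')
# Shortest prefix ending in a known extension; anything after it is arguments.
TARGET_RE = re.compile(r'^(.*?\.(exe|com|bat|cmd|scr|dll|ocx|sys))(?=\s|$)', re.I)
LIBRARY_EXTS = {'dll', 'ocx', 'sys'}


def parse_run_entries(text):
    """Return the values listed under Run/RunOnce keys as dicts."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith(('\\run', '\\runonce')):
            entries.append({'key': key, **m.groupdict()})
    return entries


def triage(entry):
    """Return the reasons an autostart entry deserves a closer look."""
    cmd = entry['cmd'].strip()
    if not cmd:
        return ['empty command (leftover value)']
    reasons = []
    if not entry['stamp'].strip():
        # Assumption: empty brackets mean no file was found at that path.
        reasons.append('target file not found')
    m = TARGET_RE.match(cmd)
    if m and m.group(2).lower() in LIBRARY_EXTS:
        # A library needs a host process (e.g. rundll32.exe) to be loaded.
        reasons.append('target is a .%s, which cannot be started directly'
                       % m.group(2).lower())
    return reasons


def flagged(text):
    """List (value name, reasons) for every entry that triage() flags."""
    result = []
    for entry in parse_run_entries(text):
        reasons = triage(entry)
        if reasons:
            result.append((entry['name'], reasons))
    return result


if __name__ == '__main__':
    for name, reasons in flagged(SAMPLE):
        print('%-18s %s' % (name, '; '.join(reasons)))
```
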







  • And next, the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:10, on 2007-09-22
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 11067 bytes


  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Good afternoon Juisterr,

    I did everything as you described above.
    After running ComboFix, Windows restarted twice, and the second time this message appeared:

    "Windows is hersteld van een onverwachte afsluiting"

    The same small window also still appeared, with the message:

    "Er is een fout opgetreden tijdens het laden van
    C:\Windows\system32\gzmrotate.dll
    Kan opgegeven module niet vinden"

    The new ComboFix txt file now looks like this:

    ComboFix 07-09-21.2 - "Bart" 2007-09-23 13:46:10.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.311 [GMT 2:00]
    De uitvoeringstijd is overschreden voor script C:\ComboFix\restore_pt.vbs.
    De uitvoering van het script is beëindigd.

    FILE::
    C:\Windows\system32\gzmrotate.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\UA000022.DLL\
    C:\Windows\UA000023.DLL\
    C:\Windows\UA000028.DLL\

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-23 to 2007-09-23 ))))))))))))))))))))))))))))))
    .

    2007-09-22 21:49 51,200 --a------ C:\Windows\NirCmd.exe
    2007-09-20 21:21 <DIR> d-------- C:\Users\ALLUSE~1\Lavasoft
    2007-09-20 21:21 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-20 21:21 <DIR> d-------- C:\PROGRA~2\Lavasoft
    2007-09-20 21:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-20 20:46 <DIR> d-------- C:\Users\Bart\AppData\Roaming\.BitTornado
    2007-09-20 20:23 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-20 19:35 <DIR> d-------- C:\Users\ALLUSE~1\Spybot - Search & Destroy
    2007-09-20 19:35 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
    2007-09-18 14:43 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
    2007-09-18 14:43 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
    2007-09-18 14:43 278,576 --a------ C:\Windows\System32\drivers\srtsp.sys
    2007-09-18 10:27 <DIR> d-------- C:\Users\ALLUSE~1\Ulead Systems
    2007-09-18 10:27 <DIR> d-------- C:\PROGRA~2\Ulead Systems
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000028.DLL
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000023.DLL
    2007-09-18 10:04 7,420 --a------ C:\Windows\UA000022.DLL
    2007-09-16 20:26 44,544 --a------ C:\Windows\System32\msxml4a.dll
    2007-09-16 20:24 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
    2007-09-16 20:23 85,504 --a------ C:\Windows\System32\HtmlWH.dll
    2007-09-16 20:23 634,880 --a------ C:\Windows\System32\mgxoschk.dll
    2007-09-16 20:23 49,152 --------- C:\Windows\System32\INETWH32.dll
    2007-09-16 20:23 1,089,536 --a------ C:\Windows\System32\ROBOEX32.DLL
    2007-09-16 20:23 <DIR> d-------- C:\Windows\System32\MAGIX
    2007-09-16 20:23 <DIR> d-------- C:\MAGIX
    2007-09-14 20:28 <DIR> d-------- C:\Users\Bart\AppData\Roaming\DivX
    2007-09-14 20:26 <DIR> d-------- C:\Program Files\DivX
    2007-09-12 21:54 <DIR> d-------- C:\Program Files\iPod
    2007-09-12 21:53 <DIR> d-------- C:\Program Files\iTunes
    2007-09-12 21:49 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-09-03 17:45 <DIR> d-------- C:\Users\jill\AppData\Roaming\AdobeUM
    2007-08-30 10:00 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
    2007-08-29 15:37 <DIR> d-------- C:\Users\Bart\Res
    2007-08-25 00:54 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2007-08-25 00:54 7,680 --a------ C:\Windows\System32\spwmp.dll
    2007-08-25 00:54 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2007-08-25 00:53 2,048 --a------ C:\Windows\System32\msxml3r.dll
    2007-08-25 00:53 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2007-08-25 00:52 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2007-08-25 00:52 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2007-08-24 21:52 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
    2007-08-24 21:51 53,080 --a------ C:\Windows\System32\wuauclt.exe
    2007-08-24 21:51 43,352 --a------ C:\Windows\System32\wups2.dll
    2007-08-24 21:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2007-08-24 21:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2007-08-24 21:50 80,896 --a------ C:\Windows\System32\wudriver.dll
    2007-08-24 21:50 549,720 --a------ C:\Windows\System32\wuapi.dll
    2007-08-24 21:50 33,624 --a------ C:\Windows\System32\wups.dll
    2007-08-24 21:49 31,232 --a------ C:\Windows\System32\wuapp.exe
    2007-08-24 21:49 163,000 --a------ C:\Windows\System32\wuwebv.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-21 08:14 --------- d-------- C:\PROGRA~2\Symantec
    2007-09-20 21:05 805 --a------ C:\Windows\system32\drivers\SYMEVENT.INF
    2007-09-20 21:05 123952 --a------ C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-09-20 21:05 10676 --a------ C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-09-20 21:05 --------- d-------- C:\Program Files\Symantec
    2007-09-20 20:46 --------- d-------- C:\Users\Bart\AppData\Roaming\.BitTornado
    2007-09-20 15:21 --------- d-------- C:\Users\Bart\AppData\Roaming\LimeWire
    2007-09-19 10:25 --------- d-------- C:\Program Files\Common Files\PX Storage Engine
    2007-09-19 10:25 --------- d-------- C:\Program Files\Common Files\LogiShrd
    2007-09-19 10:24 --------- d-------- C:\Program Files\Windows Mail
    2007-09-19 10:24 --------- d-------- C:\Program Files\Disk Cleaner
    2007-09-19 10:24 --------- d-------- C:\PROGRA~2\LogiShrd
    2007-09-18 14:44 1430 --a------ C:\Windows\system32\drivers\srtspl.inf
    2007-09-18 14:44 1421 --a------ C:\Windows\system32\drivers\srtspx.inf
    2007-09-18 14:44 1415 --a------ C:\Windows\system32\drivers\srtsp.inf
    2007-09-18 14:44 10662 --a------ C:\Windows\system32\drivers\srtspx.cat
    2007-09-18 14:44 10662 --a------ C:\Windows\system32\drivers\srtspl.cat
    2007-09-18 14:44 10658 --a------ C:\Windows\system32\drivers\srtsp.cat
    2007-09-18 10:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-16 20:24 4608 --a------ C:\Windows\System32\w95inf32.dll
    2007-09-08 09:42 --------- d-------- C:\Users\anne\AppData\Roaming\LimeWire
    2007-09-06 20:30 --------- d-------- C:\Program Files\Logitech
    2007-09-03 20:54 --------- d-------- C:\Program Files\Norton 360
    2007-08-31 13:52 174 --ahs---- C:\Program Files\desktop.ini
    2007-08-30 09:59 88576 --a------ C:\Windows\System32\avifil32.dll
    2007-08-30 09:59 82944 --a------ C:\Windows\System32\mciavi32.dll
    2007-08-30 09:59 8138240 --a------ C:\Windows\System32\ssBranded.scr
    2007-08-30 09:59 712192 --a------ C:\Windows\System32\WindowsCodecs.dll
    2007-08-30 09:59 69632 --a------ C:\Windows\System32\sendmail.dll
    2007-08-30 09:59 65024 --a------ C:\Windows\System32\avicap32.dll
    2007-08-30 09:59 61440 --a------ C:\Windows\System32\ntprint.exe
    2007-08-30 09:59 3504824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-08-30 09:59 3470008 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-08-30 09:59 31232 --a------ C:\Windows\System32\msvidc32.dll
    2007-08-30 09:59 269824 --a------ C:\Windows\System32\schannel.dll
    2007-08-30 09:59 220160 --a------ C:\Windows\System32\ntprint.dll
    2007-08-30 09:59 1984512 --a------ C:\Windows\System32\authui.dll
    2007-08-30 09:59 12800 --a------ C:\Windows\System32\msrle32.dll
    2007-08-30 09:59 123904 --a------ C:\Windows\System32\msvfw32.dll
    2007-08-30 09:59 120320 --a------ C:\Windows\System32\dhcpcsvc6.dll
    2007-08-30 09:59 10240 --a------ C:\Windows\System32\dhcpcmonitor.dll
    2007-08-29 15:12 --------- d-------- C:\Program Files\Windows Calendar
    2007-08-29 15:08 8192 --a------ C:\Windows\System32\riched32.dll
    2007-08-29 15:08 77824 --a------ C:\Windows\System32\rascfg.dll
    2007-08-29 15:08 750080 --a------ C:\Windows\System32\qmgr.dll
    2007-08-29 15:08 70144 --a------ C:\Windows\system32\drivers\pacer.sys
    2007-08-29 15:08 694784 --a------ C:\Windows\System32\localspl.dll
    2007-08-29 15:08 61952 --a------ C:\Windows\system32\drivers\wanarp.sys
    2007-08-29 15:08 619008 --a------ C:\Windows\system32\drivers\dxgkrnl.sys
    2007-08-29 15:08 52736 --a------ C:\Windows\System32\rasdiag.dll
    2007-08-29 15:08 48640 --a------ C:\Windows\system32\drivers\ndproxy.sys
    2007-08-29 15:08 384000 --a------ C:\Windows\System32\netcfgx.dll
    2007-08-29 15:08 36864 --a------ C:\Windows\System32\cdd.dll
    2007-08-29 15:08 33280 --a------ C:\Windows\System32\traffic.dll
    2007-08-29 15:08 32768 --a------ C:\Windows\System32\rasmxs.dll
    2007-08-29 15:08 286208 --a------ C:\Windows\System32\ipnathlp.dll
    2007-08-29 15:08 22016 --a------ C:\Windows\System32\rasser.dll
    2007-08-29 15:08 20480 --a------ C:\Windows\system32\drivers\ndistapi.sys
    2007-08-29 15:08 15360 --a------ C:\Windows\System32\pacerprf.dll
    2007-08-29 15:08 13824 --a------ C:\Windows\System32\wshqos.dll
    2007-08-29 15:08 13824 --a------ C:\Windows\System32\icsunattend.exe
    2007-08-29 15:08 134656 --a------ C:\Windows\System32\dps.dll
    2007-08-29 14:50 --------- d-------- C:\Program Files\Sony
    2007-08-25 00:51 56320 --a------ C:\Windows\System32\iesetup.dll
    2007-08-25 00:51 52736 --a------ C:\Windows\AppPatch\iebrshim.dll
    2007-08-25 00:51 26624 --a------ C:\Windows\System32\ieUnatt.exe
    2007-08-21 02:26 81920 --a------ C:\Windows\System32\dpl100.dll
    2007-08-21 02:26 196608 --a------ C:\Windows\System32\dtu100.dll
    2007-08-16 00:33 524288 --a------ C:\Windows\System32\DivXsm.exe
    2007-08-16 00:33 3596288 --a------ C:\Windows\System32\qt-dx331.dll
    2007-08-16 00:33 200704 --a------ C:\Windows\System32\ssldivx.dll
    2007-08-16 00:33 144704 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2007-08-16 00:33 129784 --------- C:\Windows\System32\PxAFS.DLL
    2007-08-16 00:33 120056 --------- C:\Windows\System32\pxcpyi64.exe
    2007-08-16 00:33 118520 --------- C:\Windows\System32\pxinsi64.exe
    2007-08-16 00:33 1044480 --a------ C:\Windows\System32\libdivx.dll
    2007-08-16 00:31 593920 --a------ C:\Windows\System32\dpuGUI11.dll
    2007-08-16 00:31 57344 --a------ C:\Windows\System32\dpv11.dll
    2007-08-16 00:31 53248 --a------ C:\Windows\System32\dpuGUI10.dll
    2007-08-16 00:31 344064 --a------ C:\Windows\System32\dpus11.dll
    2007-08-16 00:31 294912 --a------ C:\Windows\System32\dpu11.dll
    2007-08-16 00:31 294912 --a------ C:\Windows\System32\dpu10.dll
    2007-08-16 00:30 823296 --a------ C:\Windows\System32\divx_xx0c.dll
    2007-08-16 00:30 823296 --a------ C:\Windows\System32\divx_xx07.dll
    2007-08-16 00:30 802816 --a------ C:\Windows\System32\divx_xx11.dll
    2007-08-16 00:30 740442 --a------ C:\Windows\System32\DivX.dll
    2007-08-16 00:30 12288 --a------ C:\Windows\System32\DivXWMPExtType.dll
    2007-08-10 16:51 --------- d-------- C:\Users\anne\AppData\Roaming\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\Users\Bart\AppData\Roaming\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\PROGRA~2\Sony Corporation
    2007-08-10 11:36 --------- d-------- C:\PROGRA~2\SonicStage
    2007-08-10 11:26 --------- d-------- C:\Program Files\Common Files\Sony Shared
    2007-08-10 10:54 --------- d-------- C:\Program Files\directx
    2007-08-09 12:47 --------- d-------- C:\Program Files\MSECache
    2007-08-08 16:00 --------- d-------- C:\Users\anne\AppData\Roaming\Nikon
    2007-08-07 13:58 8320 --a------ C:\Windows\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\Windows\system32\drivers\NSDriver.sys
    2007-08-06 23:40 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-06 09:25 --------- d-------- C:\PROGRA~2\Logitech
    2007-08-01 21:41 --------- d-------- C:\Program Files\Pixia
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-22_215602,72 )))))))))))))))))))))))))))))))))))))))))
    .
    --s-a-w 67,584 2007-09-23 11:51:01 C:\Windows\bootstat.dat
    --sha-w 262,144 2007-09-23 11:51:48 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    ----a-w 262,144 2007-09-23 07:40:22 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    --sha-w 262,144 2007-09-23 11:51:48 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    ----a-w 262,144 2007-09-23 07:40:22 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    ----a-w 262,144 2007-09-23 11:44:56 C:\Windows\System32\config\systemprofile\ntuser.dat
    --sha-w 16,384 2007-09-23 11:13:10 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    --sha-w 32,768 2007-09-23 11:13:10 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    --sha-w 32,768 2007-09-23 11:13:10 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    ----a-w 49,044 2007-09-23 08:09:36 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    ----a-w 44,408 2007-09-23 08:09:33 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    ----a-w 8,546 2007-09-22 20:00:35 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762539904-387184959-3005005315-1000_UserData.bin
    ----a-w 5,348 2007-09-23 08:09:36 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762539904-387184959-3005005315-1003_UserData.bin
    .
    --s-a-w 67,584 2007-09-22 19:39:04 C:\Windows\bootstat.dat
    --sha-w 262,144 2007-09-22 19:40:45 C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    ----a-w 262,144 2007-09-20 12:23:16 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    --sha-w 262,144 2007-09-22 19:40:40 C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    ----a-w 262,144 2007-09-20 12:23:17 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    ----a-w 262,144 2007-09-22 19:49:48 C:\Windows\System32\config\systemprofile\ntuser.dat
    --sha-w 16,384 2007-09-22 19:48:15 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    --sha-w 32,768 2007-09-22 19:48:15 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    --sha-w 32,768 2007-09-22 19:48:15 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    ----a-w 49,044 2007-09-22 19:41:00 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    ----a-w 44,384 2007-09-22 19:40:57 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    ----a-w 8,546 2007-09-22 19:41:00 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762539904-387184959-3005005315-1000_UserData.bin
    ----a-w 5,324 2007-09-20 15:05:17 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762539904-387184959-3005005315-1003_UserData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-30 13:17]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 13:39]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 C:\Windows\RtHDVCpl.exe]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-30 15:27]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-30 15:27]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-30 15:27]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
    "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
    "RegistryMechanic"="" []
    "hid_start"="C:\Windows\system32\gzmrotate.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-06 09:10:12]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-18 13:36:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070921.001\IDSvix86.sys
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-23 13:51:51
    Windows 6.0.6000 NTFS


    Also, as requested, a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00, on 2007-09-23
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-nl.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 10968 bytes


    I hope you can do something with it, and I want to thank you in advance for your trouble.

    Greetz, Bart

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Download:
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

    After that, restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    Then post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

    Download to your Desktop:
    - Double-click drweb-cureit.exe and allow it to start the express scan.
    - If a popup appears offering a purchase/50% discount, you can close it with the X.
    - This will scan the files that are currently loaded in memory; when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    - At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if yours is set differently.
    - Press F9, then choose Acties and set the following under Malware:
        Adware: Verplaats
        Dialers: Verplaats
        Jokes: Rapportage
        Riskware: Rapportage
        Hacktools: Verplaats
      Then remove the check mark at "Prompt bij actie". Then press OK.
    - Press F9, then choose Scan, remove the check mark at Heuristische analyse and click OK.
    - Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Files that are found are moved to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    - After the scan is done, click Bestand in the menu at the top and choose Rapportage lijst opslaan. Save it to your Desktop.
    - Then close Dr.Web Cureit.
    - Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Also post a new HJT log.
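
Added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that surfaces the same three kinds of entries selected for fixing in the reply above (an R0 value left empty, a BHO whose file is missing, and a Run-key autorun that loads a DLL through rundll32). The names `triage` and `known_dlls` and the rules themselves are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hid_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\gzmrotate.dll" DllVerify
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "<section> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")
# rundll32 followed by a (possibly quoted) DLL and an export name,
# separated by a comma or by whitespace.
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?[\s,]+(?P<export>\w+)',
    re.I)

def triage(log_text, known_dlls=frozenset()):
    """Return (section, reason, entry) tuples that deserve manual review.

    known_dlls is a hypothetical reviewer-supplied set of lower-case DLL
    file names already checked on this machine; it only suppresses noise.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        section, body = m.groups()
        body = body.rstrip()
        if section in ("R0", "R1") and body.endswith("="):
            findings.append((section, "registry value is empty", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but file missing", body))
        elif section == "O4":
            r = RUNDLL.search(body)
            if r:
                dll = r["dll"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if dll not in known_dlls:
                    reason = f"rundll32 autorun: {dll}!{r['export']}"
                    findings.append((section, reason, body))
    return findings

if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG, {"oobefldr.dll"}):
        print(f"{section:3} {reason}\n    {entry}")
```

A hit is a candidate for review, not a verdict: the Windows `oobefldr.dll` entry matches the rundll32 rule as well, and a file name on its own says nothing about whether the DLL is legitimate.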
  • Carried out all of the steps mentioned above.

    The new files are below:

  • No, it looks good like this. Do turn your System Restore off (click Apply) and back on again (click Apply again).
  • Okay, System Restore has been reset and everything is working properly again.

    I would like to thank you very much for your help, time and effort.
    Should I run into problems again in the future, I will certainly come back to you!

    Greetz, Bart

This is an archived page. Replies are no longer possible.