Who would like to check my log for me...

13 replies
  • My computer freezes now and then, and I'm not much of a whiz kid myself.. I'm also having trouble with spyware.. Logfile of HijackThis v1.99.1 Scan saved at 10:25:43, on 16-1-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  • Quite a lot is wrong :roll:
    Put HijackThis in a folder of its own, for example C:\HijackThis. The program makes backups, and these can easily be lost if you run the program directly from the download.
    Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall [b]Messenger Plus[/b]. It is responsible for the LOP infection. (You can reinstall it later, but then choose an installation [b]without sponsors[/b].) During the uninstall process you will be asked to enter a security code. Do so.
    Also try to uninstall the following programs via Control Panel - Add or Remove Programs:
    [b]P2P Networking
    AltnetPointsManager
    Altnet
    EbatesMoeMoneyMaker
    ErrorSafe[/b]
    Restart the computer. Make a new HijackThis log and post it.
    After that, also do this: Open a Notepad file. Copy the code below into this Notepad file. Go to File - Save As. For "Save in" choose: Desktop. For "File name" enter: vindjob.bat. For "Save as type" select: All Files (*.*). Click the Save button.
    [code]
    dir %Windir%\tasks /a:h > files.txt
    notepad files.txt
    [/code]
    Double-click vindjob.bat. A Notepad file opens. Post the contents of this Notepad file.
    Kind regards, smeenk :wink:
  • Logfile of HijackThis v1.99.1 Scan saved at 11:58:41, on 16-1-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  • Het volume in station C heeft geen naam.
    Het volumenummer is 087A-B63E
    Map van C:\WINDOWS\tasks
    16-01-2006 12:00 280 AC323E549181B128.job
    08-04-2003 13:00 65 desktop.ini
    16-01-2006 11:49 6 SA.DAT
    3 bestand(en) 351 bytes
    0 map(pen) 33.781.186.560 bytes beschikbaar
  • Download, install and update the free trial version of [url=http://www.ewido.net/en/download/]Ewido Anti Malware[/url]. During installation, under "Additional Options", uncheck "Install background guard" and "Install scan via context menu". When you start Ewido for the first time, you will get an error message "Database could not be found!". This message is normal. Click "OK". In Ewido's main window, click "Update" in the left-hand menu and then the "Start update" button. When the updates are done, the status bar at the bottom will show "Update successful". Close Ewido. Do [b]not[/b] let it scan yet.
    Start the computer in [url=http://users.telenet.be/marcvn/spyware/1378056.htm]safe mode[/url]. Start HijackThis and fix these keys if still present:
    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6pPtgq4noeayoPdz.html
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab[/b]
    Open Ewido Anti Malware. Click "Scanner". Click "complete system scan". Let the program scan your PC. During the scan you will be asked whether you want to remove the files found. Click "OK". When the scan has finished, you will see a "Save report" button. Click Save report and save the report to your desktop. Close Ewido. Restart the computer in normal mode and post a new HijackThis log and the Ewido log.
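Added example, not part of the original thread: a Python check for the "fix these keys if still present" step above. It splits a HijackThis log whose line breaks were lost in a forum paste and reports whether each fix-list entry is still present, changed or gone in a later log. The function names and all sample entries are constructed for illustration.

```python
import re

# Every HijackThis entry starts with a section code: R, F, N or O plus a number.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Markers HijackThis appends when the referenced file is absent on disk.
STATUS = re.compile(r"\s*\((?:file missing|no file)\)", re.I)


def split_entries(text):
    """Return the entries of a log, even if all line breaks were lost."""
    flat = " ".join(text.split())
    starts = [m.start() for m in ENTRY_START.finditer(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, starts[1:] + [len(flat)])]


def normalise(entry):
    """Lowercase and drop the file-status marker: the registry entry is the
    thing to fix, whether or not its file still exists."""
    return STATUS.sub("", entry).lower()


def entry_key(entry):
    """Identity of an entry, independent of the data it currently points to."""
    code, _, rest = normalise(entry).partition(" - ")
    clsid = CLSID.search(rest)
    if clsid:                 # BHOs, toolbars, DPF objects: keyed by CLSID
        return code, clsid.group(0)
    if " = " in rest:         # R0/R1 values, startup .lnk: name left of " = "
        return code, rest.split(" = ", 1)[0]
    if "]" in rest:           # O4 Run values: hive plus [value name]
        return code, rest.split("]", 1)[0] + "]"
    return code, rest


def check_fixlist(fixlist_text, new_log_text):
    """Return (status, fix_entry, current_entry) for every fix-list entry."""
    current = {}
    for entry in split_entries(new_log_text):
        current.setdefault(entry_key(entry), entry)
    report = []
    for wanted in split_entries(fixlist_text):
        found = current.get(entry_key(wanted))
        if found is None:
            status = "gone"
        elif normalise(found) == normalise(wanted):
            status = "present"
        else:
            status = "changed"   # same value or object, different data
        report.append((status, wanted, found))
    return report


# Constructed sample data in HijackThis format (not taken from a real system).
FIXLIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-a.example/a.html
O2 - BHO: SampleObj Class - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\Sample.dll
O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\USER\APPLIC~1\sample.exe
"""

# A later log, flattened onto one line the way forum pastes often arrive.
NEW_LOG = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-b.example/b.html "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/ "
    r"O2 - BHO: SampleObj Class - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\Sample.dll (file missing) "
    r"O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    r"O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\USER\APPLIC~1\sample.exe"
)

if __name__ == "__main__":
    for status, wanted, found in check_fixlist(FIXLIST, NEW_LOG):
        print(f"{status:8} {wanted}")
        if status == "changed":
            print(f"{'':8} now: {found}")
```

A "changed" result matters for R0/R1 values: the registry value is still hijacked, only its data differs, so an exact text comparison would wrongly report it as fixed.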
  • Had you already found a solution for that Nail infection yourself? I saw it in your first log, and it was no longer in your second log. I had already gathered a number of things for that Nail fix and put them in the fix; I took them out again afterwards because they are no longer needed. You may have already seen that :wink:
    Open Notepad and copy the code below into this Notepad file. Save it as deljob.bat. For the file type choose: All Files (*.*)
    [code]
    %systemdrive%
    cd C:\WINDOWS\Tasks
    attrib -r -s -h AC323E549181B128.job
    del AC323E549181B128.job
    [/code]
    Double-click deljob.bat, then run vindjob.bat once more and post the result.
    Regards, smeenk
  • Het volume in station C heeft geen naam.
    Het volumenummer is 087A-B63E
    Map van C:\WINDOWS\tasks
    08-04-2003 13:00 65 desktop.ini
    16-01-2006 16:56 6 SA.DAT
    2 bestand(en) 71 bytes
    0 map(pen) 33.774.632.960 bytes beschikbaar
  • The vindjob log looks good. Please also post the HijackThis and Ewido logs so they can be checked, and let us know whether there are still any problems :wink: Regards, smeenk
  • Logfile of HijackThis v1.99.1 Scan saved at 18:13:13, on 16-1-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\FaxTalk Communicator\FTCtrl32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\system32\gearsec.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program 
Files\OpenOffice.org1.0.3\program\soffice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6pPtgq4noeayoPdz.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jongeren.volendam.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jongeren.volendam.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file) R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file) O2 - BHO: (no name) - SOFTWARE - (no file) O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing) O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing) O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing) O2 - BHO: ST - 
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing) O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe" O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom 
test\flaw mfcd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ebates. 
- file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.jongeren.volendam.nl/ O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe EWIDO 
--------------------------------------------------------- ewido anti-malware - Scan rapport --------------------------------------------------------- + Gemaakt op: 18:08:57, 16-1-2006 + Rapport samenvatting: 2FF4C9 + Scan resultaten:
  • Quite a lot has already been cleaned up, although I have the impression that things are still not entirely right.

    1. Switch off TeaTimer for now; it can block or undo certain changes we make with HijackThis.
    2. Download and install [url=http://www.ccleaner.com/]CCleaner[/url]. Do not use the program yet.
    3. Make sure that all hidden files and folders are displayed. [url=http://users.telenet.be/marcvn/spyware/1117602.htm]How to show hidden files and folders[/url]. Also clear the check mark at "Hide extensions for known file types". Confirm this with "OK".
    4. Start the computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]safe mode[/url].
    5. Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:

    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6p Ptgq4noeayoPdz.html
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab[/b]

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.
    6. Use Explorer to find the following folders and/or files (in bold) and delete them if they are present:

    C:\PROGRA~1\[b]ELSEBI~1[/b]\ <= this folder
    C:\Program Files\[b]CSBB[/b]\ <= this folder
    C:\DOCUME~1\BARTBO~1\APPLIC~1\[b]ELSEBI~1[/b]\ <= this folder
    C:\Program Files\Common Files\[b]cdardccn[/b]\ <= this folder
    C:\Program Files\[b]f54b3l5x[/b]\ <= this folder
    C:\WINDOWS\[b]Temp[/b]\ <= do not delete this folder, but empty it completely
    C:\Program Files\Common Files\[b]GMT[/b]\ <= this folder
    c:\windows\system32\[b]sncntr.exe[/b]
    c:\windows\system32\[b]sp2ctr.exe[/b]
    C:\Program Files\[b]TV Media[/b]\ <= this folder
    c:\windows\system32\[b]evthtm.exe[/b]
    C:\Documents and Settings\All Users\Application Data\[b]fork16cdromclock[/b]\ <= this folder
    C:\Program Files\[b]EbatesMoeMoneyMaker4[/b]\ <= this folder
    C:\Documents and Settings\All Users\Application Data\[b]Part show cdrom test[/b]\ <= this folder
    C:\DOCUME~1\BARTBO~1\APPLIC~1\[b]IDOLAC~1[/b]\ <= this folder

    7. [b]Tip for using CCleaner:[/b] CCleaner also deletes cookies. Cookies are usually just useless, sometimes even malicious, but there are also a few that are needed to log in to certain websites. CCleaner lets you set which cookies you want to keep. To do this, look under "Options" and then Cookies, select the cookies you want to keep and put them in the "Cookies to keep" area. Then click the "Run Cleaner" button.
    8. Restart the computer in normal mode.
    9. Run an online scan via [url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm]Panda's online virus scan[/url]. If you get the option to save a log, do so.
    10. Start HijackThis again, make a new log and post it for checking, and also post the Panda log.

    Regards,
    smeenk :)
  • Logfile of HijackThis v1.99.1
    Scan saved at 11:20:28, on 18-1-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Panda virus scan
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxaggtgpyimzaei.biz/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw2eTMk4XymMTa4noeayoPdz.html

    You probably installed MSN Messenger with sponsors; the Lop infection comes from there. You have more junk on it. Let a good expert take a further look before you do anything. The line I pointed out is not the only one that is wrong.
  • It's getting better already :)

    Look up the following folders (in bold) and delete them:

    C:\Documents and Settings\Bart Boots\Application Data\[b]Idol active[/b]\
    C:\Documents and Settings\Bart Boots\Application Data\[b]Lycos[/b]\
    C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU START\PROGRAMMA'S\[b]GAIN Publishing[/b]\

    Then try to find and delete the following files (in bold):

    C:\WINDOWS\SYSTEM32\[b]polall1m.exe[/b]
    C:\Documents and Settings\Bart Boots\Application Data\[b]tvmcwrd.dll[/b]
    C:\WINDOWS\INF\[b]polall1r.inf[/b]
    C:\WINDOWS\INF\[b]satmat.inf[/b]
    C:\WINDOWS\[b]smdat32a.sys[/b]

    After that, empty your Recycle Bin.

    Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:

    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxaggtgpyimzaei.biz/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw2eTMk4XymMTa4noeayoPdz.html
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)[/b]

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis. Restart the computer, create a new log and post it for checking. If you like, run a Panda online scan again and post that log too.

    Regards,
    smeenk :wink:
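
Many of the entries picked out for fixing in this thread share traits that can be read off the log line itself: a registration whose file is gone ("(file missing)", "(no file)"), a Run entry that starts a program from a profile folder, or an Internet Explorer setting that points at an unfamiliar host. The Python below is an added example, not part of the thread and not a HijackThis feature; it parses HijackThis entry lines and reports those three traits for review. The flag names, the list of user-writable folders and the host allowlist are assumptions, and the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# A HijackThis entry line: section code (R0-R3, O1-O23, ...), " - ", free text.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Windows path with a drive letter, up to the first known file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|cab|sys|inf|htm)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumption: folders a limited user can write to (long and 8.3 short names).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\temp\\", "\\local settings\\")
AUTORUN_SECTIONS = {"O4"}            # Run keys and Startup folders
IE_SETTING_SECTIONS = {"R0", "R1"}   # IE start page / search settings

# Constructed sample log; values are placeholders, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.example.org/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleBar\examplebar.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER\APPLIC~1\EXAMPL~1\updater.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""


@dataclass
class Finding:
    section: str
    body: str
    path: Optional[str]
    flags: List[str]


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("section"), match.group("body")


def host_is_known(host: str, known_hosts) -> bool:
    """True if host equals an allowlisted name or is a subdomain of one."""
    host = host.lower()
    return any(host == k or host.endswith("." + k) for k in known_hosts)


def triage(log_text: str, known_hosts=()) -> List[Finding]:
    """Return entries that carry at least one review flag (heuristics, not verdicts)."""
    known = {k.lower() for k in known_hosts}
    findings = []
    for section, body in parse_entries(log_text):
        flags = []
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None
        # Registry entry left behind after its file was removed or never existed.
        if any(marker in body for marker in ORPHAN_MARKERS):
            flags.append("orphaned-registration")
        # Autostart target located where an unprivileged process can drop files.
        if section in AUTORUN_SECTIONS and path and any(
            folder in path.lower() for folder in USER_WRITABLE
        ):
            flags.append("autorun-from-user-writable-dir")
        # IE start/search setting pointing at a host the reviewer has not listed.
        if section in IE_SETTING_SECTIONS:
            url_match = URL_RE.search(body)
            if url_match and not host_is_known(url_match.group(1), known):
                flags.append("ie-setting-to-unlisted-host")
        if flags:
            findings.append(Finding(section, body, path, flags))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, known_hosts={"example.org"}):
        print(finding.section, ",".join(finding.flags), "|", finding.body)
```

A flag only marks a line for a human to look at; legitimate software also leaves orphaned registrations and starts from profile folders.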

This is an archived page. Replies are no longer possible.