Questions & Answers

Security & privacy

Who wants to check this log?

Anonymous
jgbteg
7 answers
 • First update your HijackThis. You are using an old version.

  Make sure all hidden files are shown.

  Start the computer in safe mode.

  Close all open windows, run HijackThis once more and have it fix the following items:
  R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)

  O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
  O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll

  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
  O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
  O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
  O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
  O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

  O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
  O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe


  Delete the following files if present:
  C:\WINDOWS\ewupdater.exe
  C:\WINDOWS\system32\ledldpc.exe
  C:\WINDOWS\system32\mstrups.exe
  C:\WINDOWS\system32\resman3.exe
  C:\WINDOWS\system32\ryptbg.exe
  C:\WINDOWS\system32\xpsp2fw.exe
  C:\WINDOWS\System32\tibs3.exe

  Delete the following folders if present:
  C:\Program Files\DeskAd Service


  Reboot the computer, run HijackThis again and post a new log.
 • Some vague problems, such as not wanting to shut down, and a troublesome bridge.dll
  Thanks in advance

  :\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
  C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  C:\WINDOWS\ewupdater.exe
  C:\temp\salm.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\tibs3.exe
  C:\Program Files\DeskAd Service\DeskAdServ.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\Kees\Application Data\nerh.exe
  C:\Program Files\DeskAd Service\DeskAdKeep.exe
  C:\WINDOWS\System32\?ttrib.exe
  C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
  C:\Utils\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
  O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
  O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
  O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
  O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
  O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
  O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
  O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
  O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
 • Scan in safe mode with an updated Ad-aware SE.
  You can find instructions here: http://users.telenet.be/marcvn/spyware/1414188.htm

  Reboot and create a new HijackThis log. Post your complete log.
 • Okay, thanks, I'll try that tomorrow. (It's my neighbour's PC and he is away now.)
 • jgbteg wrote: "Okay, thanks, I'll try that tomorrow. (It's my neighbour's PC and he is away now.)"

  Okay, task carried out, and here is the new log.

  Logfile of HijackThis v1.98.2
  Scan saved at 16:41:11, on 20-1-2005
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
  C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  C:\WINDOWS\ewupdater.exe
  C:\temp\salm.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\tibs3.exe
  C:\Program Files\DeskAd Service\DeskAdServ.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Documents and Settings\Kees\Application Data\nerh.exe
  C:\WINDOWS\System32\?ttrib.exe
  C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  C:\Program Files\DeskAd Service\DeskAdKeep.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
  C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
  C:\Utils\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
  O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
  O2 - BHO: (no name) - {89514465-D8F7-A97F-D11F-8C1D8A1840C2} - C:\WINDOWS\System32\xrymcw.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
  O4 - HKLM\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKLM\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
  O4 - HKLM\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKLM\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
  O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [CA20BFFB] C:\WINDOWS\system32\ledldpc.exe
  O4 - HKCU\..\Run: [9B713B6B] C:\WINDOWS\system32\mstrups.exe
  O4 - HKCU\..\Run: [9C8B96EE] C:\WINDOWS\system32\resman3.exe
  O4 - HKCU\..\Run: [F10F1AD6] C:\WINDOWS\system32\ryptbg.exe
  O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
  O4 - HKCU\..\Run: [Oheg] C:\WINDOWS\System32\?ttrib.exe
  O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
 • OK, everything done and I also downloaded the new HijackThis, and here is the log file.
  And thank you very much, the PC immediately runs a lot faster.


  Logfile of HijackThis v1.99.0
  Scan saved at 17:33:28, on 20-1-2005
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
  C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
  C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
  C:\Documents and Settings\Kees\Local Settings\Temp\Tijdelijke map 2 voor hijackthisnew.zip\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
  O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
  O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
  O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
  O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
  O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 • Fix these:
  O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

  O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

  Download this small reg file.
  Unzip it, double-click navifix.reg and allow the changes to be added to your registry.

  Delete this file in safe mode:
  c:\windows\system32\twink64.exe

  Restart the computer and post a new HijackThis log.
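
Each round in this thread ends with a helper comparing the fix list against the newly posted log by eye; the v1.99.0 log above still contains the twink64.exe entry from the first fix list. As an added example (not part of the original thread), this Python check does that comparison; the function names are hypothetical, and the two excerpts are copied from the logs above.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
MISSING = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)

def parse_entries(log_text):
    """Map a normalised key to the original line for every result line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line or a "Running processes" path
        section, detail = m.groups()
        # Windows paths are case-insensitive, and "(file missing)" shows up once the
        # file is deleted while the registry entry remains: ignore both when matching.
        key = (section, MISSING.sub("", detail).lower())
        entries[key] = f"{section} - {detail}"
    return entries

def check_fix(fix_list, new_log):
    """Return (removed, remaining): fix-list entries absent from / still in new_log."""
    wanted, after = parse_entries(fix_list), parse_entries(new_log)
    removed = sorted(line for key, line in wanted.items() if key not in after)
    remaining = sorted(after[key] for key in wanted if key in after)
    return removed, remaining

# Excerpts copied from the thread: part of the first fix list and of the v1.99.0 log.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {72DBB5AF-D70C-6C2D-B9A1-19F8F6922590} - C:\WINDOWS\system32\ledldpc.exe (file missing)
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [Ipoi] C:\Documents and Settings\Kees\Application Data\nerh.exe
"""

NEW_LOG = r"""
Logfile of HijackThis v1.99.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonnet.nl/
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
"""

if __name__ == "__main__":
    removed, remaining = check_fix(FIX_LIST, NEW_LOG)
    print("removed:", *removed, sep="\n  ")
    print("still present:", *remaining, sep="\n  ")
```

An entry reported as still present needs another fix round, as the last answer in the thread does for twink64.exe.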
