Hallo,

weet iemand hoe ik dit virus kan verwijderen?
Het is de Trojan.Startpage en het volgende bestandje is geinfecteerd: mleefa.dll
Dit bestandje bevind zich in de System32 folder…
Met Norton Antivirus en in veilige modus verwijderen wil ook niet lukken.

Iemand een idee, ik hoor het graag

alvast bedankt,

Bart

Dit is mijn Hijack Log:

Logfile of HijackThis v1.99.0
Scan saved at 14:01:16, on 6-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\byvcxhrv.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\otvrhi.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\temp\salm.exe
C:\Program Files\Tevp\Jofbx.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.swrlytwwntpdrvyzycrdvf.com/3mjv_fDUOVWvejvmqF2rXSIJgB/VtghfLrG8hSb4es3Zwwt9retf0t1BYxdYRvPh.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\EXPERT~1.TEW\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {2DC39E9A-1494-61F5-2011-E389146CF004} - C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\POKELI~1\shim 4.exe
O2 - BHO: (no name) - {32F144C7-7504-420F-A9FD-C29D403C9AB8} - C:\WINDOWS\System32\mleefa.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pinkfqkeishh] C:\WINDOWS\System32\byvcxhrv.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CO2vdym] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [ajercv] C:\WINDOWS\ajercv.exe
O4 - HKLM\..\Run: [CO2vdymú"ü‰üžigÝY] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [Swrswf] C:\Program Files\Tevp\Jofbx.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [one bat bias support] C:\Documents and Settings\All Users\Application Data\Nurb Team One Bat\Mess Bash.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [amen new] C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\THATBU~1\junkproc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx3.advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
O18 - Filter: text/html - {65ABE7A8-88AC-4D49-BD29-02C74EC22900} - C:\WINDOWS\System32\mleefa.dll
O18 - Filter: text/plain - {65ABE7A8-88AC-4D49-BD29-02C74EC22900} - C:\WINDOWS\System32\mleefa.dll
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Zorg dat alle verborgen bestanden weergegeven worden.

Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
Web_rebates
Spyware Vanisher
Messengerplus


Start de computer in veilige modus.

Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
[b:1c5452c6f0]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.swrlytwwntpdrvyzycrdvf.com/3mjv_fDUOVWvejvmqF2rXSIJgB/VtghfLrG8hSb4es3Zwwt9retf0t1BYxdYRvPh.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\EXPERT~1.TEW\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {2DC39E9A-1494-61F5-2011-E389146CF004} - C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\POKELI~1\shim 4.exe
O2 - BHO: (no name) - {32F144C7-7504-420F-A9FD-C29D403C9AB8} - C:\WINDOWS\System32\mleefa.dll

O4 - HKLM\..\Run: [pinkfqkeishh] C:\WINDOWS\System32\byvcxhrv.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CO2vdym] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [ajercv] C:\WINDOWS\ajercv.exe
O4 - HKLM\..\Run: [CO2vdymú"ü‰üžigÝY] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [Swrswf] C:\Program Files\Tevp\Jofbx.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [one bat bias support] C:\Documents and Settings\All Users\Application Data\Nurb Team One Bat\Mess Bash.exe

O4 - HKCU\..\Run: [amen new] C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\THATBU~1\junkproc.exe

O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx3.advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab

O18 - Filter: text/html - {65ABE7A8-88AC-4D49-BD29-02C74EC22900} - C:\WINDOWS\System32\mleefa.dll
O18 - Filter: text/plain - {65ABE7A8-88AC-4D49-BD29-02C74EC22900} - C:\WINDOWS\System32\mleefa.dll


[/b:1c5452c6f0]

Verwijder de volgende bestanden indien aanwezig:
C:\WINDOWS\System32\byvcxhrv.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\otvrhi.exe
c:\temp\salm.exe
C:\WINDOWS\System32\mleefa.dll

Verwijder de volgende mappen indien aanwezig:
C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\POKELI~1
C:\Program Files\Web_Rebates
C:\Program Files\Tevp
C:\Program Files\ISTsvc
C:\DOCUME~1\EXPERT~1.TEW\APPLIC~1\THATBU~1
C:\Program Files\DeskAd Service
C:\spywarevanisher-free
Reboot de computer, run HijackThis opnieuw en post een nieuwe log.

Download vindjob.zip: http://users.telenet.be/marcvn/tools/vindjob.zip
Unzip het naar je bureaublad, dubbelklik op vindjob.bat.
Er opent een kladblokbestand. Post de inhoud van dit bestand ook.

Alvast bedankt voor zover

Mijn Hijack log:

Logfile of HijackThis v1.99.0
Scan saved at 16:20:55, on 6-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {32F144C7-7504-420F-A9FD-C29D403C9AB8} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otvrhi.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

En dan nog de log van vindjob:

De volumenaam van station C is ACER
Het volumenummer is 0614-15F2

Map van C:\WINDOWS\tasks

11-06-2003 23:32 <DIR> .
11-06-2003 23:32 <DIR> ..
07-09-2001 20:00 65 desktop.ini
06-02-2005 16:19 6 SA.DAT
06-02-2005 15:00 260 AA844D1E9183C146.job
03-02-2005 04:39 392 Symantec NetDetect.job
31-01-2005 20:21 444 Norton SystemWorks One Button Checkup.job
31-01-2005 20:39 508 Norton AntiVirus - Mijn computer scannen.job
06-02-2005 15:00 304 A8D70D28919C8364.job
7 bestand(en) 1.979 bytes

Map van C:\Documents and Settings\Expert H. te Winkel\Bureaublad

Messengerplus heb je niet gedeïnstalleerd?
Dit doe je best eerst.

Open een kladblokbestand. Kopieer onderstaande code in dit kladblokbestand en sla het op als deljob.bat

[code:1:d180db2278]
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h AA844D1E9183C146.job
del AA844D1E9183C146.job
[/code:1:d180db2278]
Start de computer in veilige modus.
Dubbelklik op deljob.bat

Start Hijackthis en fix deze:
[b:d180db2278]
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {32F144C7-7504-420F-A9FD-C29D403C9AB8} - (no file)
[/b:d180db2278]
Start de computer in normale modus.
Ga naar start - Uitvoeren.
Geef in (gebruik best de copy/paste functie):
[code:1:d180db2278]
regedit /e c:\hklmkey.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"[/code:1:d180db2278]
Klik op OK.

Zoek het volgende bestand: c:\hklmkey.reg
Mail me dat bestand door: marckieATbluemedicine.be (AT vervang je door @)
Zet in je mail een link naar dit topic.

oke, heb alles gedaan.

ready for the next step

Downloaden en unzippen: http://users.telenet.be/marcvn/temp/fixbart.zip

Start de computer in veilige modus, dubbelklikken op bartfix.reg en de wijzigen laten toevoegen aan je register.
Herstarten in normale modus, maak een nieuwe hijackthislog en post deze.

De nieuwe log:

Logfile of HijackThis v1.99.0
Scan saved at 20:51:51, on 6-2-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Deze nog fixen:
[b:3efa45d5e9]O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab[/b:3efa45d5e9]

Als alle problemen opgelost zijn doe je het volgende:

Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%.
Selecteer alle bestanden in deze map en verwijder ze.

Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen.

Maak je Prullenbak leeg.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Systeemherstel uitschakelen.

Bezoek regelmatig de Windows Update Site. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn.

Installeer ook SpywareBlaster en Spywareguard.
Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren.
Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.

prima, hartstikke bedankt!

groeten,

Bart