Desktop changed

14 replies
  • Through a strange site I picked up all kinds of viruses and trojans, and the whole PC went haywire. Now my desktop is different and my virus scanner can't find anything; Spybot and adware don't help either.

    I'm stuck with a strange white patch on my desktop; when I right-click it, it says it is an HTML document.
    Is anyone familiar with this problem?
  • It could be a variant of SmitFraud, which is a very common desktop hijacker.

    The best thing to do is post a HijackThis log, since that gives more information about everything that is wrong on your system.

    Have a look at the Spyware FAQ for how to do this :wink:
  • I've just attached the log file; does anyone see anything suspicious that could have changed my desktop?

    Logfile of HijackThis v1.99.1
    Scan saved at 9:08:25 AM, on 9/30/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\MICROS~2\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\slrundll.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\WINDOWS\System32\wpabaln.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905;
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr" /S
    O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZSzeb029
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O15 - Trusted Zone: http://www.2fast4ucomputers.nl
    O15 - Trusted Zone: http://www.adslpostcodecheck.nl
    O15 - Trusted Zone: http://www.allebatterijen.nl
    O15 - Trusted Zone: http://www.tickets.athens2004.com
    O15 - Trusted Zone: http://reiseauskunft.bahn.de
    O15 - Trusted Zone: http://www.bmw.be
    O15 - Trusted Zone: http://www.bmw.nl
    O15 - Trusted Zone: http://ecom.bmwgroup.com
    O15 - Trusted Zone: http://www.computertotaal.nl
    O15 - Trusted Zone: http://www.debeurs.nl
    O15 - Trusted Zone: http://mail.easy.com
    O15 - Trusted Zone: http://cgi.ebay.nl
    O15 - Trusted Zone: http://cgi3.ebay.nl
    O15 - Trusted Zone: http://cgi5.ebay.nl
    O15 - Trusted Zone: http://messenger.msn.nl
    O15 - Trusted Zone: http://www.nokia.com
    O15 - Trusted Zone: http://www.nrc.nl
    O15 - Trusted Zone: http://www.online.o2.nl
    O15 - Trusted Zone: http://antivirus.pagina.nl
    O15 - Trusted Zone: http://coffeeshop.pagina.nl
    O15 - Trusted Zone: http://divx.pagina.nl
    O15 - Trusted Zone: http://*.www.ad.nl
    O15 - Trusted Zone: http://*.www.di.fm
    O15 - Trusted Zone: http://www.xquis.com
    O15 - Trusted Zone: http://www.zonnet.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/HOL/rundum.6.5.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
    O20 - Winlogon Notify: style2 - C:\WINDOWS\q287102_disk.dll
    O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\bgjgjmqq.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


  • Probably this -C:\WINDOWS\system32\lsass.exe- is the problem.

    Have a look here for information:

    http://www.computing.net/windowsnt/wwwboard/forum/22203.html

    http://www.liutilities.com/products/wintaskspro/processlibrary/isass/
  • [quote:e29c27f85e="Rinetteke"]Probably this -C:\WINDOWS\system32\lsass.exe- is the problem.

    Have a look here for information:

    http://www.computing.net/windowsnt/wwwboard/forum/22203.html

    http://www.liutilities.com/products/wintaskspro/processlibrary/isass/[/quote:e29c27f85e]No, that is not the problem: what is listed is not isass.exe with the capital letter "I" but lsass.exe with the lowercase variant of the letter "L" :wink:
    So this process is legitimate:[quote:e29c27f85e]Description:
    lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies.[/quote:e29c27f85e]Try the following:

    Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
    Place it on your desktop and double-click win32delfkil.exe to install it.
    A folder will be placed on your desktop: win32delfkil.
    Close all open windows and all files that are open.
    Open the win32delfkil folder and double-click fix.bat.
    The computer will restart.

    Put HijackThis.exe in a folder of its own, for example C:\HijackThis
    Start HijackThis from that folder, create a new log and post it in a new message (there are more problems in your log).

    Regards, smeenk :wink:
  • Here it is, but the desktop is still strange
    see
    http://www.jeroenjonker.nl/desktop.JPG

    Logfile of HijackThis v1.99.1


    Scan saved at 12:47:53 PM, on 9/30/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\MICROS~2\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\slrundll.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr" /S
    O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZSzeb029
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O15 - Trusted Zone: http://www.2fast4ucomputers.nl
    O15 - Trusted Zone: http://www.adslpostcodecheck.nl
    O15 - Trusted Zone: http://www.allebatterijen.nl
    O15 - Trusted Zone: http://www.tickets.athens2004.com
    O15 - Trusted Zone: http://reiseauskunft.bahn.de
    O15 - Trusted Zone: http://www.bmw.be
    O15 - Trusted Zone: http://www.bmw.nl
    O15 - Trusted Zone: http://ecom.bmwgroup.com
    O15 - Trusted Zone: http://www.computertotaal.nl
    O15 - Trusted Zone: http://www.debeurs.nl
    O15 - Trusted Zone: http://mail.easy.com
    O15 - Trusted Zone: http://cgi.ebay.nl
    O15 - Trusted Zone: http://cgi3.ebay.nl
    O15 - Trusted Zone: http://cgi5.ebay.nl
    O15 - Trusted Zone: http://pages.ebay.nl
    O15 - Trusted Zone: http://signin.ebay.nl
    O15 - Trusted Zone: http://*.go.to
    O15 - Trusted Zone: http://www.hslzuid.nl
    O15 - Trusted Zone: http://www.huurautos.nl
    O15 - Trusted Zone: http://bloomingdale.id-t.com
    O15 - Trusted Zone: http://www.interngeheugen.com
    O15 - Trusted Zone: http://www.iwannadate.nl
    O15 - Trusted Zone: http://www.klm.com
    O15 - Trusted Zone: http://www.lets-get-stoned.nl
    O15 - Trusted Zone: http://www.map24.com
    O15 - Trusted Zone: http://www.marijuana.nl
    O15 - Trusted Zone: http://us.mcafee.com
    O15 - Trusted Zone: http://www.mordax.nl
    O15 - Trusted Zone: http://messenger.msn.nl
    O15 - Trusted Zone: http://www.nokia.com
    O15 - Trusted Zone: http://www.nrc.nl
    O15 - Trusted Zone: http://www.online.o2.nl
    O15 - Trusted Zone: http://antivirus.pagina.nl
    O15 - Trusted Zone: http://coffeeshop.pagina.nl
    O15 - Trusted Zone: http://divx.pagina.nl
    O15 - Trusted Zone: http://oekraine.pagina.nl
    O15 - Trusted Zone: http://startpagina3.pagina.nl
    O15 - Trusted Zone: http://www.raptile.net
    O15 - Trusted Zone: http://www.shoutcast.com
    O15 - Trusted Zone: http://www.speedsuite.net
    O15 - Trusted Zone: gsm.stichtinginternetverkopen.nl
    O15 - Trusted Zone: http://gsm.stichtinginternetverkopen.nl
    O15 - Trusted Zone: http://java.sun.com
    O15 - Trusted Zone: http://www.t-mobile.nl
    O15 - Trusted Zone: http://www.viavia.nl
    O15 - Trusted Zone: http://www.virgin-atlantic.com
    O15 - Trusted Zone: http://www.vliegwinkel.nl
    O15 - Trusted Zone: http://www.worldwinner.com
    O15 - Trusted Zone: http://*.www.ad.nl
    O15 - Trusted Zone: http://*.www.di.fm
    O15 - Trusted Zone: http://www.xquis.com
    O15 - Trusted Zone: http://www.zonnet.nl
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/HOL/rundum.6.5.0.11.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
    O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\bgjgjmqq.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



  • What strikes me is that the number of sites in the trusted zone has grown since last time. Possibly something is completely wrong with the security settings of MSIE.
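
The comparison made in the reply above (the Trusted Zone list changing between two scans) can be done mechanically by diffing two HijackThis logs per section. This is an added example, not part of the original thread or of HijackThis; the two sample logs are abridged from the 9:08 AM and 12:47 PM logs posted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# A HijackThis entry line is a section code (R0, O4, O15, ...), " - ", then
# the detail. Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Sample input, abridged from the two logs posted in this thread.
LOG_0908 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:08:25 AM, on 9/30/2005
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905;
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O15 - Trusted Zone: http://www.bmw.nl
O15 - Trusted Zone: http://www.zonnet.nl
O20 - Winlogon Notify: style2 - C:\WINDOWS\q287102_disk.dll
"""

LOG_1247 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:47:53 PM, on 9/30/2005
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O15 - Trusted Zone: http://www.bmw.nl
O15 - Trusted Zone: http://*.go.to
O15 - Trusted Zone: http://www.klm.com
O15 - Trusted Zone: http://www.zonnet.nl
"""


def parse_log(text):
    """Return the (section, detail) entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed): entries only in the new log / only in the old."""
    old, new = parse_log(old_text), parse_log(new_text)
    old_set, new_set = set(old), set(new)
    added = [e for e in new if e not in old_set]
    removed = [e for e in old if e not in new_set]
    return added, removed


def count_changes(old_text, new_text):
    """Map section -> (old count, new count) for sections whose size changed."""
    old = Counter(s for s, _ in parse_log(old_text))
    new = Counter(s for s, _ in parse_log(new_text))
    return {s: (old[s], new[s])
            for s in sorted(set(old) | set(new))
            if old[s] != new[s]}


if __name__ == "__main__":
    added, removed = diff_logs(LOG_0908, LOG_1247)
    for section, (before, after) in count_changes(LOG_0908, LOG_1247).items():
        print(f"{section}: {before} -> {after} entries")
    for section, detail in added:
        print(f"+ {section} - {detail}")
    for section, detail in removed:
        print(f"- {section} - {detail}")
```

An unchanged entry such as the `[Fast Home]` Run value does not appear in the diff at all, so a diff only narrows down what changed; entries that persist across scans still have to be reviewed on their own.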
  • I threw away some junk, but it doesn't help much yet 8-(

    Logfile of HijackThis v1.99.1
    Scan saved at 1:02:50 PM, on 9/30/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\MICROS~2\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\slrundll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr" /S
    O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O15 - Trusted Zone: http://*.go.to
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
    O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\bgjgjmqq.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • Have you already done what smeenk advised? Throwing things away at random is never a good idea.
  • I haven't checked everything you fixed; I assume you haven't removed anything legitimate?
    If you go fixing things at random, that fortunately doesn't fall under my responsibility.

    1. Download smitRem.exe.
    Extract all the files to your desktop.

    2. Download, install and update the free trial version of Ewido Security Suite.

    During installation, under "Additional Options", untick "Install background guard" and "Install scan via context menu".
    When you start Ewido for the first time, you will get the error message "Database could not be found!". This message is normal. Click "OK".
    In the Ewido main window, click "Update" in the left-hand menu and then the "Start update" button.
    When the updates are done, the status bar at the bottom will show "Update successful".
    Close Ewido. Do [b:ebf65c7ab7]not[/b:ebf65c7ab7] let it scan yet.


    3. Start your computer in Safe Mode. See here how to do that.

    4. Run HijackThis once more and tick the following items:
    [b:ebf65c7ab7]R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr" /S
    O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
    O15 - Trusted Zone: http://*.go.to
    O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\bgjgjmqq.dll[/b:ebf65c7ab7]
    Sluit alle open vensters(behalve HijackThis)
    Klik daarna op "Fix checked" en sluit HijackThis af.


    5. Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm.
    Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
    Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.
    Nadien zal je Windows uiterlijk waarschijnlijk veranderd zijn in de zogenaamde "Klassieke stijl". Dit kan je zelf weer terug veranderen naar de "XP-stijl".

    6. Open Ewido Security Suite.
    klik op "Scanner".
    Klik op "complete system scan".
    Laat het programma je pc scannen.

    Tijdens de scan zal je gevraagd worden of je de gevonden bestanden wil verwijderen. Klik dan op "OK".
    Als de scan beëindigd is, zal je een knop zien "Bewaar rapport".
    Klik op Bewaar rapport en sla het rapport op, op je bureaublad.
    Sluit Ewido af.

    7. Go to Start - Control Panel - Display - Desktop tab - click the "Customize Desktop" button - Web tab. If it is still present, clear the check mark next to "Security Info".

    8. Reset your web settings: go to Control Panel –> Internet Options –> Programs tab.
    Click "Reset Web Settings".

    9. Also do the following:
    Go to Control Panel –> Internet Options –> choose the "Security" tab –> reset every zone to the "Default Level" (click the "Default Level" button and confirm with OK).

    10. Go to: Control Panel –> Internet Options –> Privacy and set the slider for the cookie settings to "Medium".

    11. Empty your Temp folder: Start – Run, type: %TEMP%
    Select everything in it and delete it.

    12. Empty the Temporary Internet Files folder: go to Control Panel – Internet Options – General tab – under Temporary Internet files, click Delete Files.

    13. Then restart your computer in normal mode.

    14. Run an online scan via Panda's online virus scan.
    If you are given the option to save this log, do so.

    15. Restart the computer once more.
    Create a new HijackThis log and post it.
    Also post the report (log) from Ewido.
    Look for c:\smitfiles.txt and post the contents of that file as well.
    Also post the log from the online scan.
    Let us know what the situation is now.

    Regards, smeenk :wink:
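
One way to carry out the comparison that step 15 asks for, checking a fresh HijackThis log against the entries ticked in step 4, as an added example that is not part of the original post. The function names are this example's own, and the second log is constructed for illustration (including the file name renamed-example.dll).

```python
import re

# A HijackThis entry line is "<code> - <detail>", where the code (R0-R3, F0-F3,
# N1-N4, O1-O23) names the section it came from. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")

# The six entries ticked in step 4 of the post above.
FIXED_ENTRIES = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\snuffel\LOCALS~1\Temp\E.scr" /S
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O15 - Trusted Zone: http://*.go.to
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\bgjgjmqq.dll
"""

# Constructed follow-up log: two legitimate entries, one fixed entry that is
# still present, and one that came back under a different (made-up) file name.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O15 - Trusted Zone: http://*.go.to
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\renamed-example.dll
"""


def parse_entries(log_text):
    """Return [(code, detail)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def normalise(code, detail):
    """Case- and whitespace-insensitive key for exact comparison."""
    return (code.upper(), re.sub(r"\s+", " ", detail).casefold())


def identifiers(code, detail):
    """Stable identifiers of an entry: CLSIDs, plus the Run value name for O4."""
    ids = {clsid.upper() for clsid in CLSID_RE.findall(detail)}
    if code.upper() == "O4":
        match = RUN_NAME_RE.search(detail)
        if match:
            ids.add("run:" + match.group(1).casefold())
    return ids


def check_cleanup(fixed_text, new_log_text):
    """Compare a new log with the fixed entries.

    'unchanged'  : fixed entries that are still present verbatim.
    'reappeared' : new entries that reuse a CLSID or Run name of a fixed entry
                   but point somewhere else (for example a renamed DLL).
    """
    fixed = parse_entries(fixed_text)
    fixed_exact = {normalise(c, d) for c, d in fixed}
    fixed_ids = set()
    for code, detail in fixed:
        fixed_ids |= identifiers(code, detail)

    unchanged, reappeared = [], []
    for code, detail in parse_entries(new_log_text):
        if normalise(code, detail) in fixed_exact:
            unchanged.append((code, detail))
        elif identifiers(code, detail) & fixed_ids:
            reappeared.append((code, detail))
    return {"unchanged": unchanged, "reappeared": reappeared}


if __name__ == "__main__":
    result = check_cleanup(FIXED_ENTRIES, NEW_LOG)
    for kind, found in result.items():
        for code, detail in found:
            print(f"{kind}: {code} - {detail}")
```
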
  • was quite a job, but I think this is now the cleanest PC in the Netherlands 8-)
    thanks for all the help!!! great!

    Logfile of HijackThis v1.99.1
    Scan saved at 7:29:45 PM, on 9/30/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\MICROS~2\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\WINDOWS\slrundll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNACLE\PPE\ppe.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    ———————————————————
    ewido security suite - Scan report
    ———————————————————

    + Created on: 6:02:28 PM, 9/30/2005
    + Report-Checksum: 79E5DAAD

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/back.gif\\.Owner -> Spyware.iLookup : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/back.gif\\{99802379-7362-40E2-9D28-8A3B9AF880B7} -> Spyware.iLookup : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\.Owner -> Spyware.iSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
    HKU\S-1-5-21-1757981266-842925246-1957994488-1003\Software\hsb -> Spyware.Hotsearchbar : Cleaned with backup
    [824] C:\WINDOWS\System32\birdihuy32.dll -> TrojanProxy.Small.ct : Cleaned with backup
    C:\WINDOWS\system32\bgjgjmqq.dll -> Worm.Prox.c : Cleaned with backup
    C:\WINDOWS\system32\birdihuy32.dll -> TrojanProxy.Small.ct : Cleaned with backup
    C:\WINDOWS\system32\birdihuy.dll -> Spyware.AdultStore : Cleaned with backup
    C:\WINDOWS\system32\ztoolb011.dll -> Spyware.Zbar : Cleaned with backup
    C:\WINDOWS\system32\checkIn.dll -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\pumba3.dll -> Spyware.AzSearch : Cleaned with backup
    C:\WINDOWS\pumba2.dll -> Spyware.AzeSearch : Cleaned with backup
    :mozilla.224:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.228:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.232:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.238:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.258:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.275:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.286:C:\Documents and Settings\snuffel\Application Data\Phoenix\Profiles\default\xeulfjqu.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP1\A0000031.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
    C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP1\A0000032.exe -> Trojan.Agent.eo : Cleaned with backup
    C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000181.dll -> Trojan.Agent.eo : Cleaned with backup
    C:\data -> TrojanDownloader.IstBar.ja : Cleaned with backup


    ::Report End
  • [quote="snuffetje"]it was quite a job, but I think this is now the cleanest PC in the Netherlands 8-)
    thanks for all the help!!! great work![/quote]You're welcome, your log looks good :D

    If you have the log from Panda and the one from Smitrem, feel free to post those as well.

    [b]Some tips to keep your system clean:[/b]
    Your Windows version is not up to date, which makes your system extra vulnerable to infections with spyware and/or viruses. Tip: install SP2.
    In addition, visit the Windows Update site regularly. Only then can you be sure that you have the latest patches for your operating system installed. If new updates are available, download and install all critical updates and service packs. Reboot your computer and check again. Repeat this procedure until there are no more critical updates.

    Make sure your antivirus is up to date, and also run an online antivirus scan now and then.

    Also install SpywareBlaster and Spywareguard.
    If you use the latest version of Spybot Search & Destroy and you make use of its real-time protection, TeaTimer, then you should not install Spywareguard. Keep these programs up to date too!

    With a reg file you can arm yourself against malicious ActiveX code. Click here for more info

    Kind regards, smeenk :wink:
  • well, a few little worms after all, I think 8-(
    I'm going to do some serious updating


    Kind regards

    Incident Status Location

    Virus:W32/Sdbot.FDF.worm Disinfected C:\WINDOWS\system32\jjj.exe
    Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
    Virus:Bck/Sdbot.FDA Disinfected C:\WINDOWS\system32\setup_62170.exe
    Virus:W32/Sdbot.FAH.worm Disinfected C:\WINDOWS\system32\netddesrv.exe
    Adware:Adware/Startpage.AJF No disinfected C:\WINDOWS\system32\shdocnvt.dll
    Adware:adware/azesearch No disinfected C:\WINDOWS\system32\zolker011.dll
    Adware:Adware/ISearch No disinfected C:\WINDOWS\Downloaded Program Files\initial.inf
    Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
    Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\msxct1.ini
    Adware:adware program No disinfected C:\WINDOWS\flag.bla
    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\backups\backup-20050930-125730-337.dll
    Adware:Adware/AzeSearch No disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000194.dll
    Dialer:Dialer.CSO No disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000195.dll
    Adware:Adware/AzeSearch No disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000196.dll
    Adware:Adware/AzeSearch No disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000197.dll
    Virus:W32/Sdbot.FDF.worm Disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0001266.exe
    Virus:Bck/Sdbot.FDA Disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0001267.exe
    Virus:W32/Sdbot.FAH.worm Disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0001268.exe
  • Please look up the files below using Windows Explorer;
    if you don't see them, make sure that hidden files and folders are displayed.
    See here how to do that.

    C:\WINDOWS\system32\[b]shdocnvt.dll[/b]
    C:\WINDOWS\system32\[b]zolker011.dll[/b]
    C:\WINDOWS\Downloaded Program Files\[b]initial.inf[/b]
    C:\WINDOWS\[b]smdat32m.sys[/b]
    C:\WINDOWS\[b]msxct1.ini[/b]
    C:\WINDOWS\[b]flag.bla[/b]
    C:\WINDOWS\system32\[b]svcnvt.exe[/b]
    C:\WINDOWS\System32\[b]bgjgjmqq.dll[/b]
    C:\WINDOWS\[b]q287102_disk.dll[/b]

    Afterwards, empty your Recycle Bin right away :wink:

    There are also still some infections in your System Restore; you solve this as follows:
    Turn off System Restore. Restart the computer. Turn System Restore back on.
    See here how to turn off System Restore.

    Good luck,
    Regards, smeenk :wink:
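
The triage described in the last reply, as an added example that is not part of the original thread: it parses a few lines copied from the scan report posted above and separates the entries the scanner left in place into files to look up by hand and files inside System Restore points. The bucket names and the `classify`/`triage` helpers are hypothetical, and treating anything under HijackThis's `backups` folder as the tool's own backup copy is an assumption.

```python
import re
from collections import defaultdict

# Subset of the report lines posted in the thread above.
REPORT = r"""
Incident Status Location
Virus:W32/Sdbot.FDF.worm Disinfected C:\WINDOWS\system32\jjj.exe
Adware:Adware/Startpage.AJF No disinfected C:\WINDOWS\system32\shdocnvt.dll
Adware:adware program No disinfected C:\WINDOWS\flag.bla
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\snuffel\My Documents\hijackthis\hijackthis-1\backups\backup-20050930-125730-337.dll
Dialer:Dialer.CSO No disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0000195.dll
Virus:Bck/Sdbot.FDA Disinfected C:\System Volume Information\_restore{4F6CFF8E-E729-4E60-8D97-33A7F95BDA0D}\RP3\A0001267.exe
"""

# "<type>:<name> <status> <path>"; names and paths may contain spaces.
ENTRY = re.compile(
    r"^(?P<kind>\w+):(?P<name>.+?)\s+"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def classify(status, path):
    """Return the follow-up bucket for one report entry."""
    p = path.lower()
    if status == "Disinfected":
        return "cleaned"
    if "\\system volume information\\_restore{" in p:
        # Cleared by turning System Restore off and on again.
        return "restore_point"
    if "\\hijackthis\\" in p and "\\backups\\" in p:
        # Assumption: backup copy kept by HijackThis, not a live file.
        return "tool_backup"
    return "manual"  # look up in Explorer, as in the reply above


def triage(report):
    """Group (type, name, path) tuples by bucket; skip non-entry lines."""
    buckets = defaultdict(list)
    for raw in report.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            bucket = classify(m["status"], m["path"])
            buckets[bucket].append((m["kind"], m["name"], m["path"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(REPORT).items():
        print(bucket)
        for kind, name, path in items:
            print(f"  {kind:8} {name:24} {path}")
```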
