Who will check my log for me...

13 replies
  • My computer freezes now and then, and I'm not much of a whizz kid myself.. I'm also having trouble with spyware..

    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:43, on 16-1-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\system32\ghkpqfi.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\f54b3l5x\f54b3l5x.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\f54b3l5x\11742800.exe
    C:\Program Files\f54b3l5x\f54b3l5x.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Bart Boots\Local Settings\Temporary Internet Files\Content.IE5\0DEFC1UN\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cyboknwwgpitgzvn.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw1Vm_BqHriqK64noeayoPdz.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eidgqtqxgtsmsilipdt.com/1UJXaGae9QHZKQGRJq3oZV7ouyXXuGj0Zx9mt0jdfic.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jongeren.volendam.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-4B48-91C8-0C66E254216D} - C:\Program Files\f54b3l5x\f54b3l5x.dll
    O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [mlrkaq] C:\WINDOWS\system32\ghkpqfi.exe r
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ContextUninstall] C:\WINDOWS\STUninstall.exe
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.jongeren.volendam.nl/
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe







  • Quite a lot is wrong :roll:

    First put HijackThis in a folder of its own, for example C:\HijackThis
    The program makes backups, and these can easily be lost if you start the program straight from the download.

    Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Messenger Plus. It is responsible for the LOP infection. (You can reinstall it later, but then choose an installation without sponsors.)
    During the uninstall process you will be asked to enter a security code. Do so.

    Also try to uninstall the following programs via Control Panel – Add or Remove Programs:
    P2P Networking
    AltnetPointsManager
    Altnet
    EbatesMoeMoneyMaker
    ErrorSafe

    Restart the computer. Make a new HijackThis log and post it.

    After that, also do this:
    Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: vindjob.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    [code:1:3e94b4582e]dir %Windir%\tasks /a:h > files.txt
    notepad files.txt[/code:1:3e94b4582e]
    Double-click vindjob.bat.
    A Notepad file opens. Post the contents of this Notepad file.

    Kind regards, smeenk :wink:
  • Logfile of HijackThis v1.99.1
    Scan saved at 11:58:41, on 16-1-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\f54b3l5x\f54b3l5x.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\f54b3l5x\11742800.exe
    C:\Program Files\f54b3l5x\f54b3l5x.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6pPtgq4noeayoPdz.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jongeren.volendam.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jongeren.volendam.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.jongeren.volendam.nl/
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe







  • Het volume in station C heeft geen naam.
    Het volumenummer is 087A-B63E

    Map van C:\WINDOWS\tasks

    16-01-2006 12:00 280 AC323E549181B128.job
    08-04-2003 13:00 65 desktop.ini
    16-01-2006 11:49 6 SA.DAT
    3 bestand(en) 351 bytes
    0 map(pen) 33.781.186.560 bytes beschikbaar
  • Download, install and update the free trial version of Ewido Anti Malware.
    During installation, under "Additional Options", untick "Install background guard" and "Install scan via context menu".
    When you start Ewido for the first time, you will get an error message "Database could not be found!". This message is normal. Click "OK".
    In the main Ewido window, click "Update" in the left-hand menu, and then the "Start update" button.
    When the updates are done, the status bar at the bottom will show "Update successful".
    Close Ewido. Do not let it scan yet.

    Start the computer in safe mode.

    Start HijackThis and fix these keys if they are still present:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6pPtgq4noeayoPdz.html
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    Open Ewido Anti Malware.
    Click "Scanner".
    Click "complete system scan".
    Let the program scan your PC.
    During the scan you will be asked whether you want to remove the files that were found. Click "OK" when that happens.
    When the scan has finished, you will see a "Bewaar rapport" (Save report) button.
    Click Bewaar rapport and save the report to your desktop.
    Close Ewido.
    Restart the computer in normal mode and post a new HijackThis log and the Ewido log.
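A way to check the follow-up log against the fix list above, as an added example that is not part of the original thread: the script reports which fix-list entries still show up in a later HijackThis log, ignoring the "(file missing)" note that HijackThis appends once the target file is gone. The function names are hypothetical, and the sample lines are a short excerpt of the logs posted in this thread.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# Note HijackThis appends when the referenced file no longer exists on disk.
MISSING_RE = re.compile(r"\s*\(file missing\)", re.IGNORECASE)


def parse_entries(text):
    """Map a normalized key to (section, original body, file_missing)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.group(1), m.group(2)
        missing = bool(MISSING_RE.search(body))
        # Drop the note so the same registry entry matches in both logs.
        key = (section, MISSING_RE.sub("", body).strip().lower())
        entries[key] = (section, body, missing)
    return entries


def check_fix(fix_list, new_log):
    """Return (remaining, removed) for a fix list and a log taken afterwards."""
    wanted = parse_entries(fix_list)
    found = parse_entries(new_log)
    remaining, removed = [], []
    for key, (section, body, _) in wanted.items():
        if key in found:
            _, new_body, missing = found[key]
            remaining.append(
                {"section": section, "entry": new_body, "file_missing": missing}
            )
        else:
            removed.append(body)
    return remaining, removed


# Excerpt of the helper's fix list in this thread.
FIX_LIST = r"""
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe
O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
"""

# Excerpt of the HijackThis log posted later in this thread.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
"""

if __name__ == "__main__":
    remaining, removed = check_fix(FIX_LIST, NEW_LOG)
    for item in remaining:
        note = "registry entry only, file gone" if item["file_missing"] else "file still referenced"
        print(f"STILL PRESENT [{item['section']}] ({note}): {item['entry']}")
    for body in removed:
        print(f"removed: {body}")
```

An entry listed as still present with its file gone is an orphaned registry value; one whose file is still referenced means the fix was not applied or was restored afterwards.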
  • Had you already found a solution for that nail infection yourself? I saw it in your first log, and it was no longer there in your 2nd log.
    I had already gathered a number of things for that nail fix and put them in the fix; I took them out again afterwards because this is no longer needed.
    Perhaps you had already seen that ;)

    Open Notepad and copy the code below into the Notepad file. Save it as deljob.bat
    For "Save as type", choose: All files (*.*)
    [code]
    rem switch to the system drive and go to the scheduled tasks folder
    %systemdrive%
    cd C:\WINDOWS\Tasks
    rem clear the read-only, system and hidden attributes, then delete the job
    attrib -r -s -h AC323E549181B128.job
    del AC323E549181B128.job
    [/code]
    Double-click deljob.bat, then run vindjob.bat once more and post the result.

    Regards, smeenk
  • Het volume in station C heeft geen naam.
    Het volumenummer is 087A-B63E

    Map van C:\WINDOWS\tasks

    08-04-2003 13:00 65 desktop.ini
    16-01-2006 16:56 6 SA.DAT
    2 bestand(en) 71 bytes
    0 map(pen) 33.774.632.960 bytes beschikbaar
  • The vindjob log looks good; please also post the HijackThis and Ewido logs as a check, and let us know whether there are still any problems ;)

    Regards, smeenk
  • Logfile of HijackThis v1.99.1
    Scan saved at 18:13:13, on 16-1-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6pPtgq4noeayoPdz.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jongeren.volendam.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jongeren.volendam.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.jongeren.volendam.nl/
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




    EWIDO
    ———————————————————
    ewido anti-malware - Scan rapport
    ———————————————————

    + Gemaakt op: 18:08:57, 16-1-2006
    + Rapport samenvatting: 2FF4C9

    + Scan resultaten:

    C:\Documents and Settings\Bart Boots\Cookies\bart boots@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@e-2dj6wfmygid5adq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@e-2dj6wgkyegcpicq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@e-2dj6wjkoqic5ecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@e-2dj6wjkouhc5ogp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@e-2dj6wjlyclajkaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@estat[1].txt -> Spyware.Cookie.Estat : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@images.lop[1].txt -> Spyware.Cookie.Lop : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@perf.overture[1].txt -> Spyware.Cookie.Overture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@www.etracker[2].txt -> Spyware.Cookie.Etracker : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@www.lop[1].txt -> Spyware.Cookie.Lop : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Cookies\bart boots@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\D3860\boncpar.exe -> Hijacker.Small.hy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\DrTemp\mm_reco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\fSGfeSR.exe -> Downloader.IstBar : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\GVR\aurareco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\satmat.cab/satmat.exe -> Downloader.Stubby.d : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\satmat.exe -> Downloader.Stubby.d : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\ssd23.exe -> Downloader.Dluca : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI2E5D.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI2E5D.tmp\farmmext.exe -> Spyware.ConsCorr : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI4005.tmp\zserv.cab/ZServ.dll -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI4005.tmp\ZServ.dll -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI5F56.tmp\multimpp.cab/multimpp.dll -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI5F56.tmp\multimpp.cab/preInMPP.exe -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI5F56.tmp\multimpp.dll -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI5F56.tmp\preInMPP.exe -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI6537.tmp\polall1r.exe -> Downloader.Agent.ae : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\THI7BFE.tmp\polall1r.exe -> Downloader.Agent.ae : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\TMP96D.tmp -> Downloader.Agent.ae : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\TMP96E.tmp -> Downloader.Agent.ae : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\tmpD.tmp -> Downloader.Crypt : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\WZP\aurareco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temporary Internet Files\Content.IE5\WPIN4TQR\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Schoongemaakt met een backup
    C:\Documents and Settings\Bart Boots\Local Settings\Temporary Internet Files\Content.IE5\XZFJDTKE\boncpar[1].exe -> Hijacker.Small.hy : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@66.220.17[2].txt -> Spyware.Cookie.66.220.17.154 : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@image.masterstats[2].txt -> Spyware.Cookie.Masterstats : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Cookies\gast@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temp\DrTemp\aurora.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temp\DrTemp\mm_reco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temp\nsiA2.exe -> Downloader.Agent.bh : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temp\ULK\aurareco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temporary Internet Files\Content.IE5\A8E57XW0\Poller[1].exe -> Trojan.Poler.a : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temporary Internet Files\Content.IE5\A8E57XW0\svcproc[1].exe -> Spyware.Hijacker.Generic : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temporary Internet Files\Content.IE5\VYSBJHOX\wmf_exp[1].wmf -> Exploit.MS05-053-WMF : Schoongemaakt met een backup
    C:\Documents and Settings\Gast\Local Settings\Temporary Internet Files\Content.IE5\X8W3T9KD\ErrorSafeScannerInstall_nl[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Schoongemaakt met een backup
    C:\Program Files\altnet -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cran.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\dbx.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\docfile.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\html.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\java.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\java.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\jpeg.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\jpeg.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_w95.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mso.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\na.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\na.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\nelf.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\rup.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sdx.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sfx.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sfx.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\unpack.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\unpack.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\update.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ve.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ve.cvd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ve.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab -> Spyware.Altnet : Schoongemaakt met een backup
    C:\Program Files\Common Files\cdardccn\catnleltaa\hrnljnnfl.exe -> Adware.Gator : Schoongemaakt met een backup
    C:\Program Files\Common Files\cdardccn\eblnanlp\ppnnjnhj.exe -> Adware.Gator : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\dp1ywmai.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\f54b3l5x1\f54b3l5x1.dll -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\f54b3l5x1\f54b3l5x1.exe -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\k93pp6e4.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\km9lqs7w.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\pv2m7fyb.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\xnqmk2tu.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\f54b3l5x\ydagjo3e.DLL -> Spyware.ClearSearch : Schoongemaakt met een backup
    C:\Program Files\Internet Explorer\iexplorer.exe -> Downloader.Crypt : Schoongemaakt met een backup
    C:\RECYCLER\S-1-5-21-1060284298-1214440339-839522115-1004\Dc21.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\WINDOWS\preInMPP.exe -> Spyware.BiSpy : Schoongemaakt met een backup
    C:\WINDOWS\system32\drivers\erssdd.sys -> Trojan.Rootkit.Agent.af : Schoongemaakt met een backup
    C:\WINDOWS\system32\egdhtml_1021.dll -> Dialer.Generic : Schoongemaakt met een backup
    C:\WINDOWS\system32\egdial.dll -> Dialer.Generic : Schoongemaakt met een backup
    C:\WINDOWS\system32\oouqkykh.exe -> Downloader.Dluca.x : Schoongemaakt met een backup
    C:\WINDOWS\system32\stmtreco.exe -> Adware.BetterInternet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Schoongemaakt met een backup
    C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Schoongemaakt met een backup


    ::Einde rapport

  • Quite a lot has already been cleaned up, although I have the impression that things are still not quite right.

    1. Disable TeaTimer; it can block or undo certain changes that we make with HijackThis.

    2. Download and install CCleaner.
    Do not use the program yet.

    3. Make sure that all hidden files and folders are shown. How to show hidden files and folders.
    Also clear the check mark next to "Hide extensions for known file types". Confirm this with "OK".

    4. Start the computer in safe mode.

    5. Start HijackThis once more, choose "Do a system scan only" and place a check mark only in front of the following lines:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eeabcbfrabivlm.com/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw26OgKg6p Ptgq4noeayoPdz.html
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)
    O2 - BHO: JunkHoleTeam - {0BC780CE-756B-BEC5-8DA1-CC4079C3F55C} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {656666C2-2F31-44DD-9A50-B5FAEA7EC641} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O2 - BHO: (no name) - {955A2531-27DE-6A6B-9C98-8CF2CB3BA1A0} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: (no name) - {CE99D097-BA00-6E33-CAA1-97140FEE396C} - C:\DOCUME~1\BARTBO~1\APPLIC~1\ELSEBI~1\about once.exe (file missing)
    O2 - BHO: (no name) - {FC9BFDD0-D52E-463E-A9E4-02094951280A} - C:\Program Files\CSBB\CSBB.dll (file missing)
    O3 - Toolbar: pop log cash - {4CDC16A1-C826-CF45-9BAD-067C0C352156} - C:\PROGRA~1\ELSEBI~1\Thisfirst.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
    O4 - HKLM\..\Run: [f54b3l5x] C:\Program Files\f54b3l5x\f54b3l5x.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] "C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"
    O4 - HKLM\..\Run: [Cdromtestwavebyte] C:\Documents and Settings\All Users\Application Data\Part show cdrom test\flaw mfcd.exe
    O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
    O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    6. Using Explorer, find the following folders and/or files (in bold) and delete them if they are present:
    C:\PROGRA~1\[b]ELSEBI~1[/b]\ <= this folder
    C:\Program Files\[b]CSBB[/b]\ <= this folder
    C:\DOCUME~1\BARTBO~1\APPLIC~1\[b]ELSEBI~1[/b]\ <= this folder
    C:\Program Files\Common Files\[b]cdardccn[/b]\ <= this folder
    C:\Program Files\[b]f54b3l5x[/b]\ <= this folder
    C:\WINDOWS\[b]Temp[/b]\ <= do not delete this folder, but empty it completely
    C:\Program Files\Common Files\[b]GMT[/b]\ <= this folder
    c:\windows\system32\[b]sncntr.exe[/b]
    c:\windows\system32\[b]sp2ctr.exe[/b]
    C:\Program Files\[b]TV Media[/b]\ <= this folder
    c:\windows\system32\[b]evthtm.exe[/b]
    C:\Documents and Settings\All Users\Application Data\[b]fork16cdromclock[/b]\ <= this folder
    C:\Program Files\[b]EbatesMoeMoneyMaker4[/b]\ <= this folder
    C:\Documents and Settings\All Users\Application Data\[b]Part show cdrom test[/b]\ <= this folder
    C:\DOCUME~1\BARTBO~1\APPLIC~1\[b]IDOLAC~1[/b]\ <= this folder

    7. [b]Tip for using CCleaner:[/b]
    CCleaner also removes cookies. Cookies are usually just useless,
    sometimes even malicious, but there are also a few that are needed to log in to certain websites.
    CCleaner gives you the option to set which cookies you want to keep.
    To do this, look under "Options" and then Cookies, select the cookies you want to keep and place them in the "Cookies to keep" area.
    Then click the "Run Cleaner" button.

    8. Restart the computer in normal mode.

    9. Run an online scan using Panda's online virus scan.
    If you are given the option to save a log, do so.

    10. Start HijackThis again, create a new log and post it for review, and also post the Panda log.

    Regards, smeenk :)
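An added example, not part of smeenk's post and not HijackThis code: a Python triage script that parses HijackThis log lines like those in step 5 and flags entries whose target is gone ("(file missing)" / "(no file)") or whose O4 autostart runs from a per-user data or temp directory. The function names and the directory heuristic are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {5DB97883-5F4E-4FA7-A1BD-C2A1DBCED7AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cdromclockroadbrowse] C:\Documents and Settings\All Users\Application Data\fork16cdromclock\CAST ELSE.exe
O4 - HKCU\..\Run: [blue dog] C:\DOCUME~1\BARTBO~1\APPLIC~1\IDOLAC~1\Softdefyknob.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
# O4 registry autostart: "HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder shortcut: "Global Startup: name.lnk = target"
LNK_RE = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable part of a command line: quoted, or unquoted up to the extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl|com|scr|bat))(?=[\s,]|$)', re.I)

# Assumption for this example: autostarts launched from these per-user or
# temporary locations deserve a closer look (long and 8.3 short names).
DATA_DIR_MARKERS = ("\\application data\\", "\\applic~1\\", "\\temp\\")


@dataclass
class Entry:
    code: str                      # section code such as R3, O2, O4
    body: str                      # everything after "<code> - "
    guid: Optional[str] = None     # CLSID, when the line carries one
    target: Optional[str] = None   # executable of an O4 autostart
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one log line; return None for headers and process listings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(code=m["code"], body=m["body"])
    g = GUID_RE.search(entry.body)
    entry.guid = g.group(0) if g else None
    if ORPHAN_RE.search(entry.body):
        entry.flags.append("orphaned")
    if entry.code == "O4":
        am = RUN_RE.match(entry.body) or LNK_RE.match(entry.body)
        if am:
            exe = EXE_RE.match(am["cmd"])
            entry.target = (exe.group(1) or exe.group(2)) if exe else am["cmd"]
            if any(mark in entry.target.lower() for mark in DATA_DIR_MARKERS):
                entry.flags.append("autostart-from-data-dir")
    return entry


def triage(log_text):
    """Return the parsed entries that carry at least one flag."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4}{','.join(e.flags):<26}{e.guid or e.target}")
```

An unflagged line is not a clean bill of health: the sncntr.exe autostart, which the post above also lists for removal, matches neither heuristic, so the output narrows a manual review rather than replacing it.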
  • Logfile of HijackThis v1.99.1
    Scan saved at 11:20:28, on 18-1-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org1.0.3\program\soffice.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxaggtgpyimzaei.biz/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw2eTMk4XymMTa4noeayoPdz.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jongeren.volendam.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jongeren.volendam.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Program Files\OpenOffice.org1.0.3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.jongeren.volendam.nl/
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    Panda virus scan



    Incident Status Location

    Adware:adware/twain-tech Not disinfected C:\WINDOWS\SYSTEM32\polall1m.exe
    Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Bart Boots\Application Data\tvmcwrd.dll
    Adware:adware/ipinsight Not disinfected C:\WINDOWS\INF\polall1r.inf
    Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\satmat.inf
    Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
    Adware:adware/gator Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU START\PROGRAMMA'S\GAIN Publishing
    Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Lycos
    Spyware:spyware/dluca Not disinfected Windows Registry
    Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
    Spyware:spyware/altnet Not disinfected Windows Registry
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Bart Boots\Cookies\bart boots@stat.onestat[2].txt
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\16 memo 2 regs.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\aaulkskf.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\actqneag.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\aeuspchi.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\asepzvrn.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bdjytywo.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bivvghsj.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bjjvactg.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bljpcnak.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bpjichzh.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bwlagjpe.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\bxzivjyq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ccytarjq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\clvnqvew.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\cnerrllm.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\crefxvvv.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\cvnvziin.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\dfwdwkgo.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\dmvehtux.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\drlkiied.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\dvebdzpd.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\dwmnotut.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\dybzbezo.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ehhbcyjq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\eibfhouz.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\epkldruc.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\eswyiqen.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\excqdvsj.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ezbbgeyb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\frloxunw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\fvsyynyl.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\gioejcxy.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\gurexoie.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\heqlhadf.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\hissuals.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\Hold Each Cast.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\hpxxdjui.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\hwilpvxe.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\icddyazq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ijngmntr.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ikjlnjts.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\iousuejl.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\itqcovjk.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\iyzujspt.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\jcvtxrgh.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\jjfaknei.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\jmsjvkoi.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\junqfrcw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\kdujlkbp.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\kpcpmrwu.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\kvjnedxl.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\kzkbvxcv.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lfsgwdoy.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lhsypheb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lhxjgppm.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ljywhlob.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lrqegizw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lueunvjq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\luijaohr.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lwivykzc.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\lxnpnhzk.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mbrnpdfb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mctpassc.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\meahzryt.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mfjpewhb.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\midnyrcp.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mkcpcqzk.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mpakqsqy.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mqdtnihl.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mqowcptv.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\mtnybtwm.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ndpsnkhy.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\nfzkpeaq.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\njycbqde.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\nxwkwexs.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\obfkwthn.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\okacxbie.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\ordzxijw.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\oufyykgz.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\pelrnncp.exe
    Adware:Adware/Lop Not disinfected C:\Documents and Settings\Bart Boots\Application Data\Idol active\pjiutvhd.exe
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxaggtgpyimzaei.biz/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw2eTMk4XymMTa4noeayoPdz.html

    you probably installed MSN Messenger with sponsors

    that is where the Lop infection comes from

    you have more junk on there

    have a good expert take a further look at it before you do anything

    the line I pointed out is not the only one that is wrong
  • It's already getting better :)

    Look up the following folders (in bold) and delete them:
    C:\Documents and Settings\Bart Boots\Application Data\[b]Idol active[/b]\
    C:\Documents and Settings\Bart Boots\Application Data\[b]Lycos[/b]\
    C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU START\PROGRAMMA'S\[b]GAIN Publishing[/b]\

    Then try to find and delete the following files (in bold):
    C:\WINDOWS\SYSTEM32\[b]polall1m.exe[/b]
    C:\Documents and Settings\Bart Boots\Application Data\[b]tvmcwrd.dll[/b]
    C:\WINDOWS\INF\[b]polall1r.inf[/b]
    C:\WINDOWS\INF\[b]satmat.inf[/b]
    C:\WINDOWS\[b]smdat32a.sys[/b]

    Then empty your recycle bin.

    Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bxaggtgpyimzaei.biz/1UJXaGae9QHPAQdlmLDX2OJkcRptMdATEfPW3hR4hw2eTMk4XymMTa4noeayoPdz.html
    O2 - BHO: (no name) - {00000000-0000-446E-9641-1C2CB1D860DB} - C:\Program Files\f54b3l5x\f54b3l5x.dll (file missing)[/b]
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Restart the computer and post a new log for checking.
    If you like, run a Panda online scan again and post that log too.

    Regards, smeenk ;)


This is an archived page. Replies are no longer possible.