Hallo kwakkel01,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O2 - BHO: mysidesearch browser optimizer - {4a7cd4b7-242c-2462-32a3-607be24b6c3a} - C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll
O4 - HKLM\..\Run: [{0c5f3623-8c4f-ffae-3c4f-c89ed7e374b2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll" DllInit
O4 - HKLM\..\Run: [903efc2a] rundll32.exe "C:\WINDOWS\system32\iqijvawn.dll",b
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

Klik daarna op "Fix checked" en sluit HijackThis af.


Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

ok, heb een nieuw sp gedownload, gesleept over combofix, en het log staat hieronder; daarna HJT gedraaid, met onderstaand resultaat:

did it work??!?

ComboFix 08-05-15.3 - hans 2008-05-17 12:13:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.539 [GMT 2:00]
Gestart vanuit: C:\downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Gast\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\CSC2.5U-EN-690-F.sbr.sgn
C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\IA
C:\WINDOWS\system32\adeLonmp.ini
C:\WINDOWS\system32\adeLonmp.ini2
C:\WINDOWS\system32\dFrnx05
C:\WINDOWS\system32\dFrnx05\dFrnx051080.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nwavjiqi.ini
C:\WINDOWS\system32\pac.txt
D:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))
.

2008-05-17 10:49 . 2008-05-17 10:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 04:49 . 2008-05-17 04:49 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-17 03:56 . 2008-05-17 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-05-17 02:41 . 2008-05-17 03:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 02:41 . 2008-05-17 02:41 <DIR> d-------- C:\Documents and Settings\hans\Application Data\SUPERAntiSpyware.com
2008-05-17 02:41 . 2008-05-17 02:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 01:23 . 2008-05-17 01:23 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-17 01:22 . 2008-05-17 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-17 01:20 . 2008-05-17 01:20 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-17 01:16 . 2008-05-17 01:16 10,240 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-17 00:30 . 2008-05-17 00:30 93,696 --a------ C:\WINDOWS\system32\iqijvawn.dll
2008-05-17 00:18 . 2008-05-17 00:18 95,833 --a------ C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe
2008-05-17 00:18 . 2008-05-17 00:18 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-17 00:17 . 2008-05-17 00:17 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-17 00:13 . 2008-05-17 00:13 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-17 00:08 . 2008-05-17 00:08 63,902 --a------ C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe
2008-05-17 00:07 . 2008-05-17 00:07 <DIR> d--hs---- C:\Documents and Settings\hans\!
2008-05-17 00:07 . 2008-05-17 00:07 401,972 --a------ C:\WINDOWS\system32\g54.exe
2008-05-17 00:06 . 2008-05-17 03:22 <DIR> d-------- C:\WINDOWS\system32\rDA
2008-05-17 00:06 . 2008-05-17 00:06 <DIR> d-------- C:\WINDOWS\system32\emL1
2008-05-17 00:06 . 2008-05-17 00:06 <DIR> d-------- C:\WINDOWS\system32\dbW
2008-05-17 00:06 . 2008-05-17 03:22 <DIR> d-------- C:\WINDOWS\system32\3056v
2008-05-17 00:06 . 2008-05-17 00:52 <DIR> d-------- C:\Program Files\winvi
2008-05-17 00:05 . 2008-05-17 00:06 <DIR> d-------- C:\temp\tmpvc14
2008-05-09 00:36 . 2008-05-15 01:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 00:36 . 2008-05-09 00:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 01:24 45,604 ----a-w C:\Documents and Settings\hans\Application Data\wklnhst.dat
2008-05-17 00:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 22:30 --------- d-----w C:\Program Files\KCeasy
2008-05-15 17:15 --------- d-----w C:\Program Files\PokerStars
2008-05-14 18:36 --------- d-----w C:\Documents and Settings\hans\Application Data\Hamachi
2008-03-31 22:05 --------- d-----w C:\Documents and Settings\hans\Application Data\CoreFTP
2008-03-31 20:39 --------- d-----w C:\Program Files\Belastingdienst
2008-03-19 20:13 --------- d-----w C:\Program Files\Java
2007-11-20 22:52 72,736 ----a-w C:\Documents and Settings\hans\Application Data\GDIPFONTCACHEV1.DAT
2006-09-16 09:59 4,584 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-09-16 05:33 71 ----a-w C:\Documents and Settings\HP_Administrator\chars.dat
2006-09-16 05:33 28 ----a-w C:\Documents and Settings\HP_Administrator\settings.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 23:06 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 06:40 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 15:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 15:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 19:53 15969280 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 10:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"PCDrProfiler"=""
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 02:29 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-16 22:41 185896]
"CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 17:50 229376]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 19:55 339968]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

C:\Documents and Settings\Gast\Menu Start\Programma's\Opstarten\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-01 15:49:13 27136]

C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-01 15:49:13 27136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
UvA - Informatiseringscentrum CISCO VPN Client.lnk - C:\Program Files\Cisco Systems\vpngui.exe [2006-11-14 22:14:06 1445904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"C:\\games\\-backup- 2nd diablo\\Diablo II\\medion2008.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Windows Media Format SDK (VideoMail.exe)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-17 01:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 22:57]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 00:24]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys
S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 12:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-17 10:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-17 10:26:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 12:24:20
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Cisco Systems\cvpnd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-17 12:33:02 - machine was rebooted [hans]
ComboFix-quarantined-files.txt 2008-05-17 10:32:58

Pre-Run: 190,817,349,632 bytes beschikbaar
Post-Run: 192,669,667,328 bytes beschikbaar

221 --- E O F --- 2008-05-15 07:28:14



Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:36:02, on 17-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Cisco Systems\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CmWatch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10663 bytes

Ziet er al stukken beter uit.


Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\WINDOWS\system32\iqijvawn.dll"
"C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe"
"C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe"
"C:\WINDOWS\system32\gside.exe"
"C:\WINDOWS\system32\winpfz33.sys"
"C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe"
"C:\WINDOWS\system32\g54.exe") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
>>log.txt (
ECHO.
ECHO Deleting folders)
FOR %%I in (
"C:\Documents and Settings\hans\!"
C:\WINDOWS\system32\rDA
C:\WINDOWS\system32\emL1
C:\WINDOWS\system32\dbW
C:\WINDOWS\system32\3056v) DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted successfully>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

gedaan; onderstaande log kreeg ik terug:

Deleting files
"C:\WINDOWS\system32\iqijvawn.dll" deleted successfully
"C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" deleted successfully
"C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" deleted successfully
"C:\WINDOWS\system32\gside.exe" deleted successfully
"C:\WINDOWS\system32\winpfz33.sys" deleted successfully
"C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" deleted successfully
"C:\WINDOWS\system32\g54.exe" deleted successfully

Deleting folders
C:\Documents not found
and not found
Settings\hans\! not found
C:\WINDOWS\system32\rDA deleted successfully
C:\WINDOWS\system32\emL1 deleted successfully
C:\WINDOWS\system32\dbW deleted successfully
C:\WINDOWS\system32\3056v deleted successfully


c'est tout?

Thx in ieder geval zover; zonder je hulp was ik nog steeds aan het scannen geweest, met telkens hetzelfde resultaat

Zat een foutje in de batfile.
Maak del.bat even opnieuw aan (de code is aangepast), dubbelklik er op en post de inhoud van de logfile die opent.

was me niet opgevallen, dat foutje

Deleting files
"C:\WINDOWS\system32\iqijvawn.dll" not found
"C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" not found
"C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" not found
"C:\WINDOWS\system32\gside.exe" not found
"C:\WINDOWS\system32\winpfz33.sys" not found
"C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" not found
"C:\WINDOWS\system32\g54.exe" not found

Deleting folders
C:\Documents not found
and not found
Settings\hans\! not found
C:\WINDOWS\system32\rDA not found
C:\WINDOWS\system32\emL1 not found
C:\WINDOWS\system32\dbW not found
C:\WINDOWS\system32\3056v not found

zo te zien staan alle files die je hebt aangegeven niet meer in de folders; opnieuw opstarten nu??

Je moet de batfile opnieuw aanmaken, en dat heb je niet gedaan.

dacht dat in de file plakken van de nieuwe text hetzelfde effect gaf

Deleting files
"C:\WINDOWS\system32\iqijvawn.dll" not found
"C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" not found
"C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" not found
"C:\WINDOWS\system32\gside.exe" not found
"C:\WINDOWS\system32\winpfz33.sys" not found
"C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" not found
"C:\WINDOWS\system32\g54.exe" not found

Deleting folders
"C:\Documents and Settings\hans\!" deleted successfully
C:\WINDOWS\system32\rDA not found
C:\WINDOWS\system32\emL1 not found
C:\WINDOWS\system32\dbW not found
C:\WINDOWS\system32\3056v not found

nieuwe log ziet er nu zo uit

Dat is beter. Alle problemen zijn opgelost?

QUOTE=Marckie;344369]Dat is beter. Alle problemen zijn opgelost?[/QUOTE]

problemen met de desktop/theme zijn nu opgelost. Echter, als ik de folder C:\Documents and Settings\hans\application data\ probeer te benaderen, dan krijg ik een foutmelding van IE, en wordt de verkenner eruit gegooid. Vervolgens krijg ik een pop-up dat de internetverbinding goed werkt.

M.i. is er dus nog steeds een progje wat die folder 'beschermd' en probeert internet te bereiken als ik in de folder wil komen en en passant probeert m'n desktop weer aan te passen (wat overigens dus niet meer lukt!)...

deze file wordt aan het IE-logbestand toegevoegd op het einde van de foutmelding --> C:\DOCUME~1\hans\LOCALS~1\Temp\abe8_appcompat.txt

geen idee wat het betekend, maar misschien kun je er iets mee.

(opnieuw opstarten heeft geen baat gehad om dit te verhelpen)

ik heb nu een full-scan van superantivirusscan lopen, en er wordt nog steeds 1 geinfecteerde file gevonden met adware (adware.unknown origin) geheugen & register zijn nu volgens de scanner wel schoon...

nog suggesties wat ik zou kunnen proberen?

Ik ben in ieder geval blij dat de verbinding met internet lijkt te mislukken. Het zou natuurlijk mooi zijn als ik alle geinfecteerde bestanden kwijt ben

Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
In het venster "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op het tabblad "Firefox" en plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op het tabblad "Opera" en plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.

Ga naar het menu "Main" en klik op de knop Exit om het programma af te sluiten.


Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

• Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
  
• Klik vervolgens op de toets Scan Settings.
  Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
  Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
  
• Klik dan op de toets OK.
  
• Start nu het scannen door op de tekst My Computer te klikken.
  
  
  Hou er rekening mee dat deze scan een tijdje in beslag neemt.
  
• Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
  Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

ok, heb bovenstaande stappen gevolgd met onderstaande resultaat:

ik hoop dat je me er mee verder kan helpen.

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 9:34:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781180


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics
Total number of scanned objects 107502
Number of viruses found 10
Number of infected objects 21
Number of suspicious objects 0
Duration of the scan process 01:33:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-230742.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\537B18F4.wmf Infected: Exploit.Win32.IMG-WMF.v skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_2420046981_11534336_25945 Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_2420046981_4521984_25936 Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{76631A64-3BE7-434D-8F63-505B28E1F83A}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{B8D99AEE-57C5-457B-80E2-BFA29B1CB25D}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\hans\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-73d916ec/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped

C:\Documents and Settings\hans\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-73d916ec ZIP: infected - 1 skipped

C:\Documents and Settings\hans\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-17-2008( 19-38-45 ).LOG Object is locked skipped

C:\Documents and Settings\hans\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{95CD1E5E-CE05-4B63-9400-C74594EE8D33} Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Geschiedenis\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Temp\_hphtra07.log Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Temp\~ROMFN_000002E0 Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\hans\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\hans\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\downloads\utilities_invdump.zip/invdump.exe Infected: Trojan-Proxy.Win32.Agent.ada skipped

C:\downloads\utilities_invdump.zip ZIP: infected - 1 skipped

C:\games\inv-dump\invdump.exe Infected: Trojan-Proxy.Win32.Agent.ada skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped

C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll Infected: Trojan.Win32.BHO.cgy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\dFrnx05\dFrnx051080.exe.vir Infected: Trojan-Downloader.Win32.VB.ehl skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP603\A0135319.dll Infected: Trojan.Win32.BHO.cgy skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135384.exe Infected: Trojan-Downloader.Win32.VB.ehl skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007/stream/Script Infected: Trojan.NSIS.StartPage.c skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007/stream Infected: Trojan.NSIS.StartPage.c skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007 Infected: Trojan.NSIS.StartPage.c skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream Infected: Trojan.NSIS.StartPage.c skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135460.exe Infected: Trojan-Downloader.Win32.Small.vrq skipped

C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9ABE4A82-CED5-4902-ABF5-712BD2B12530}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_320.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

L:\games\2nd diablo\Diablo II\bncache-1412.dat Object is locked skipped

L:\games\2nd diablo\Diablo II\BnetLog.txt Object is locked skipped

L:\games\ATMA_Installer\ATMA V\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ah skipped

L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

L:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

Scan process completed.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\downloads\utilities_invdump.zip
C:\games\inv-dump\invdump.exe
"C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm"
"C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll"
"L:\games\ATMA_Installer\ATMA V\Setup.exe"
) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
In het venster "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op het tabblad "Firefox" en plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op het tabblad "Opera" en plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.

Ga naar het menu "Main" en klik op de knop Exit om het programma af te sluiten.

Thx; degenen die bold zijn had ik al gedelete nadat ik zag dat die voor problemen zouden kunnen zorgen (die files warer overignes niet degenen die tot de problemen leidden die ik gister had, maar dat terzijde)
de file in de HJT folder kan dus niet (meer) gevonden worden; ik heb Kaspersky gedownload (de trial-version) en die is op dit moment m'n pc binnenstebuiten aan het keren (all files ). die is dus nog wel even aan het stampen... vannacht heb ik hem de gewone scan laten doen, en toen vond ie nog 5 files die gedelete zijn... hoop dat dit de laatste stuiptrekkingen zijn van een behoorlijk iritant virus.

btw, wat zou het gevaar kunnne zijn van zo'n virus; moet ik tot nader order bv geen betalingen doen via de pc?? of is dit meer een spam-virus war hoofdzakelijk iritant is?


Deleting files
C:\downloads\utilities_invdump.zip not found
C:\games\inv-dump\invdump.exe not found
"C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm" not found"
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll" not found
"L:\games\ATMA_Installer\ATMA V\Setup.exe" deleted successfully