View full version : Several kinds of spyware, I think



eventure
2 October 2007, 20:33
Could you check this for me? It's a log from my sister's PC...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:57, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Babs\Mijn documenten\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [1c341909] rundll32.exe "C:\WINDOWS\system32\jayrasay.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5f0f2de9635842a4892e54e395e0b35a
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5f0f2de9635842a4892e54e395e0b35a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6152 bytes

eventure
2 October 2007, 21:20
and another log, from AVG Anti-Spyware ...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:18:18 2/10/2007
+ Scan result:

C:\WINDOWS\system32\qwlrorrf.exe -> Adware.180Solutions : Cleaned.
C:\WINDOWS\system32\uztkfpst.exe -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools\HbTools\Mail -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\Common -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\Common\Updates -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\EUI -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Mail -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\PI -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist\sg976 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist\sg978 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist\sg989 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist\sg990 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\Sample\Hist\sg991 -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\dynamicFail -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\links -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\options -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HbTools\updates -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HostOI -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HostOI\Updates -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HostOL -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\HostOL\Updates -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\Time -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\Time\HostIE -> Adware.HotBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\HbTools\Time\HostIE\updates -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\YourSiteBar\Historymusic_keyword -> Adware.ISTBar : Cleaned.
HKU\S-1-5-21-839522115-2052111302-2147125571-1003\Software\IST -> Adware.ISTBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Adware.YourSiteBar : Cleaned.
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Adware.YourSiteBar : Cleaned.
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned.

::Report end

DJ Inpossible
3 October 2007, 20:48
Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program:
YourSiteBar

Restart your PC.

Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.

Double-click combofix.exe.
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.

In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.

Pim

eventure
14 October 2007, 12:35
EDIT:
I noticed that Java had an update; I'm installing it now, but I had already made the HijackThis log ;)

-------------------------------------------------------------------------------------

ComboFix 07-10-12.4 - Babs 2007-10-14 12:25:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.261 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Babs\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Babs\Application Data\errorsafedutchnewreleaseinstall[1].exe
C:\Documents and Settings\Babs\Application Data\HbTools
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.ht m
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\ie_games_icon.r es
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\ie_video.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.t xt
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\more.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\new_games.mnu
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons .res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.r es
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\1\weathericon.res
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans .xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans 1.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business _promo.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondi r.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\cursors. xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_1000.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_2000.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_3000.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_bar.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_bbar1.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_logos.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ buttons_other.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_ weather.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default. xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\gamesmen u.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hb_ie_me nu.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_p romo.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.x ip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ie_games _icon.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ie_video .xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords .xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords 1.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.x ip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpath legal.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\more.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress .xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_ buttons.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_bu ttons.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegr oups2.txt
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegr oups2.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xi p
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.x ip
C:\Documents and Settings\Babs\Application Data\HbTools\v3.0\HbTools\static\DownLoad\weatheri con.xip
C:\Program Files\WhenUSearch
C:\Program Files\WhenUSearch\search.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\boboaqmj.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\efnknuyt.dll
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\jbyjnioh.dll
C:\WINDOWS\system32\jycepdbf.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\lapwxrta.dll
C:\WINDOWS\system32\mewitwpx.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pxuwfxft.dll
C:\WINDOWS\system32\rehyhdch.dll
C:\WINDOWS\system32\tevludpi.dll
C:\WINDOWS\system32\vcweorda.dll
C:\WINDOWS\system32\vjsahumm.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\xpkvyihn.dll
C:\WINDOWS\system32\ygbwojxy.dll
C:\WINDOWS\system32\yipfssgn.dll
C:\WINDOWS\system32\yrijjikl.dll
.
(((((((((((((((((((( Files Created From 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))
.
2007-10-14 12:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 00:01 83,008 --a------ C:\WINDOWS\system32\ipjdoibe.dll
2007-10-13 19:32 83,008 --a------ C:\WINDOWS\system32\xeotbedr.dll
2007-10-02 20:34 <DIR> d-------- C:\Documents and Settings\Babs\Application Data\Grisoft
2007-10-02 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-02 20:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 18:02 <DIR> d-------- C:\Program Files\QuickTime
2007-09-19 14:13 250,926 --a------ C:\WINDOWS\karabine.zip
2007-09-19 14:06 122,962 --a------ C:\WINDOWS\the_king_queen_font.zip
2007-09-16 01:36 23,552 --a------ C:\WINDOWS\system32\hgggefc.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 17:15 --------- d-----w C:\Documents and Settings\Babs\Application Data\LimeWire
2007-09-30 18:35 --------- d-----w C:\Program Files\LimeWire
2007-09-26 16:00 --------- d-----w C:\Program Files\Apple Software Update
2007-09-17 19:36 --------- d-----w C:\Program Files\Picasa2
2007-08-16 12:15 --------- d-----w C:\Program Files\Java
2007-01-20 09:42 5,297,976 ----a-w C:\Program Files\picasaweb-current-setup.exe
2006-11-02 19:27 106,464 ----a-w C:\Program Files\sinstaller2.exe
2006-10-28 14:35 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-07-14 10:59 2,874,344 ----a-w C:\Program Files\LimeWireWin-full.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"= C:\Program Files\YourSiteBar\ysb.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[HKEY_CLASSES_ROOT\Ysb.YsbObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[HKEY_CLASSES_ROOT\Ysb.YsbObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{86227D9C-0EFE-4F8A-AA55-30386A3F5686}"= C:\Program Files\YourSiteBar\ysb.dll [ ]
[HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}]
[HKEY_CLASSES_ROOT\Ysb.YsbObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[HKEY_CLASSES_ROOT\Ysb.YsbObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"Realtime Audio Engine"="mmrtkrnl.exe" [2005-01-20 13:02 C:\WINDOWS\system32\MMRTKRNL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"1c341909"="C:\WINDOWS\system32\ipjdoibe.dll" [2007-10-14 00:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggefc]
hgggefc.dll 2007-09-16 01:36 23552 C:\WINDOWS\system32\hgggefc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NETGEAR WG311T Wireless Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NETGEAR WG311T Wireless Assistant.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 16:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-14 10:02:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 12:31:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-14 12:33:05 - machine was rebooted
.
--- E O F ---

and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:52, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Babs\Mijn documenten\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1c341909] rundll32.exe "C:\WINDOWS\system32\ipjdoibe.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5f0f2de9635842a4892e54e395e0b35a
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5f0f2de9635842a4892e54e395e0b35a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: hgggefc - C:\WINDOWS\SYSTEM32\hgggefc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6835 bytes

DJ Inpossible
14 October 2007, 22:04
Start HijackThis, choose 'Do a system scan only' and tick the lines below:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [1c341909] rundll32.exe "C:\WINDOWS\system32\ipjdoibe.dll",sitypnow
O20 - Winlogon Notify: hgggefc - C:\WINDOWS\SYSTEM32\hgggefc.dll


Now close all open windows except HijackThis and click Fix Checked.

Open Notepad, copy and paste the following (the bold text) into an empty window:

File::
C:\WINDOWS\system32\ipjdoibe.dll
C:\WINDOWS\system32\xeotbedr.dll
C:\WINDOWS\system32\hgggefc.dll
C:\WINDOWS\system32\vturo.dll

Folder::
C:\Program Files\YourSiteBar

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[-HKEY_CLASSES_ROOT\Ysb.YsbObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[-HKEY_CLASSES_ROOT\Ysb.YsbObj]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
[-HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}]
[-HKEY_CLASSES_ROOT\Ysb.YsbObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}]
[-HKEY_CLASSES_ROOT\Ysb.YsbObj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggefc]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Pim
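
The fix above is, in effect, a hand triage of the two logs. Entries whose target reads "(no file)" or "(file missing)" are dead registry pointers that HijackThis can fix on its own. The other three are different: the rundll32 autorun of a randomly named system32 DLL, the Winlogon Notify DLL (loaded by winlogon.exe and in use from boot onward) and the extra DLL in the LSA "Authentication Packages" value (loaded into lsass.exe, where it sees logon credentials in the clear) are live, locked files that HijackThis cannot delete, which is why they go into a CFScript for ComboFix to remove around a reboot. The Python below is an added example, not code from this thread or from HijackThis/ComboFix: it applies those rules to a few lines excerpted from the logs posted above and prints the CFScript sections they imply. The XP_DEFAULT_NOTIFY allowlist and the "random-looking DLL name" rule are my own assumptions, so treat hits as candidates to confirm by hand, not as verdicts.

```python
import ntpath
import re

# Sample input, excerpted from the HijackThis and ComboFix logs posted in this
# thread and trimmed to the entries the heuristics below care about.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [1c341909] rundll32.exe "C:\WINDOWS\system32\ipjdoibe.dll",sitypnow
O20 - Winlogon Notify: hgggefc - C:\WINDOWS\SYSTEM32\hgggefc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
SAMPLE_LSA = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturo.dll'

# Winlogon Notify subkeys present on a stock XP SP2 install. Assumption from
# memory: confirm against a known-clean machine before relying on it.
XP_DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                     "sclgntfy", "senslogn", "termsrv", "wlballoon"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
MISSING_PATH_RE = re.compile(r" - ([A-Za-z]:\\.+?)\s*\(file missing\)\s*$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([A-Za-z]:\\[^",]+\.dll)"?\s*,\s*\w+', re.I)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")


def looks_random(stem):
    """Weak heuristic for generated DLL names: 5-8 lowercase letters, no digits."""
    return re.fullmatch(r"[a-z]{5,8}", stem) is not None


def triage_hjt(text):
    """Return one finding dict per suspicious HijackThis entry."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sect, body = m.groups()
        finding = {"raw": raw.strip(), "file": None, "folder": None, "regkey": None}
        if ORPHAN_RE.search(body):
            finding["reason"] = "orphan: target file is gone, registry entry remains"
            mp = MISSING_PATH_RE.search(body)
            # A third-party toolbar directory can go once its DLL is gone.
            if mp and sect == "O3":
                finding["folder"] = ntpath.dirname(mp.group(1))
        elif sect == "O4":
            md = RUNDLL_RE.search(body)
            mn = RUN_NAME_RE.search(body)
            if md is None:
                continue
            path = md.group(1)
            stem = ntpath.splitext(ntpath.basename(path))[0]
            hex_name = mn is not None and re.fullmatch(r"[0-9a-fA-F]{6,}", mn.group(1)) is not None
            if not (hex_name or looks_random(stem)):
                continue
            finding["reason"] = "rundll32 autorun of a randomly named DLL"
            finding["file"] = path
        elif sect == "O20":
            mn = NOTIFY_RE.match(body)
            if mn is None or mn.group(1).lower() in XP_DEFAULT_NOTIFY:
                continue
            finding["reason"] = "non-default Winlogon Notify package (loaded by winlogon.exe)"
            finding["file"] = mn.group(2).strip()
            finding["regkey"] = NOTIFY_KEY + "\\" + mn.group(1)
        else:
            continue
        findings.append(finding)
    return findings


def triage_lsa(line):
    """Flag any LSA authentication package other than the stock msv1_0."""
    m = re.match(r'^"Authentication Packages"=\s*(.+)$', line.strip())
    if m is None:
        return []
    return [{"raw": line.strip(), "file": pkg, "folder": None, "regkey": None,
             "reason": "extra LSA authentication package (loaded into lsass.exe)"}
            for pkg in m.group(1).split() if pkg.lower() != "msv1_0"]


def build_cfscript(findings):
    """Render the findings as the File::/Folder::/Registry:: sections of a CFScript.txt."""
    files = sorted({f["file"] for f in findings if f["file"]})
    folders = sorted({f["folder"] for f in findings if f["folder"]})
    keys = sorted({f["regkey"] for f in findings if f["regkey"]})
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    if keys:
        parts.append("Registry::\n" + "\n".join("[-%s]" % k for k in keys))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_HJT) + triage_lsa(SAMPLE_LSA)
    for f in found:
        print("%-62s  %s" % (f["reason"], f["raw"]))
    print()
    print(build_cfscript(found))
```

Two things to notice when comparing the output with the reply above. The script only ever lists the LSA DLL under File:: and never touches the lsa key itself; the reply does the same (vturo.dll under File::, no Registry:: line for lsa), and the follow-up ComboFix log no longer shows the Authentication Packages line, so deleting the file was enough. Removing msv1_0 itself from that value would break local logon. And the helper's Registry:: section deletes the whole IE Toolbar keys rather than the one CLSID value; that is harsher than this script's output, but acceptable here because the only toolbar registered there was the adware one.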

eventure
16 October 2007, 21:14
ComboFix 07-10-12.4 - Babs 2007-10-16 21:07:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.266 [GMT 2:00]
Running from: C:\Documents and Settings\Babs\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Babs\Bureaublad\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\hgggefc.dll
C:\WINDOWS\system32\ipjdoibe.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\xeotbedr.dll
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\hgggefc.dll
C:\WINDOWS\system32\ipjdoibe.dll
C:\WINDOWS\system32\xeotbedr.dll
.
(((((((((((((((((((( Files Created From 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))
.
2007-10-14 12:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 20:34 <DIR> d-------- C:\Documents and Settings\Babs\Application Data\Grisoft
2007-10-02 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-02 20:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 18:02 <DIR> d-------- C:\Program Files\QuickTime
2007-09-19 14:13 250,926 --a------ C:\WINDOWS\karabine.zip
2007-09-19 14:06 122,962 --a------ C:\WINDOWS\the_king_queen_font.zip
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 18:20 --------- d-----w C:\Documents and Settings\Babs\Application Data\LimeWire
2007-10-14 10:39 --------- d-----w C:\Program Files\Java
2007-09-30 18:35 --------- d-----w C:\Program Files\LimeWire
2007-09-26 16:00 --------- d-----w C:\Program Files\Apple Software Update
2007-09-17 19:36 --------- d-----w C:\Program Files\Picasa2
2007-01-20 09:42 5,297,976 ----a-w C:\Program Files\picasaweb-current-setup.exe
2006-11-02 19:27 106,464 ----a-w C:\Program Files\sinstaller2.exe
2006-10-28 14:35 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-07-14 10:59 2,874,344 ----a-w C:\Program Files\LimeWireWin-full.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-14_12.31.39.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"Realtime Audio Engine"="mmrtkrnl.exe" [2005-01-20 13:02 C:\WINDOWS\system32\MMRTKRNL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NETGEAR WG311T Wireless Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NETGEAR WG311T Wireless Assistant.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 16:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 19:02:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 21:10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-16 21:11:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 12:33
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:24, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Babs\Mijn documenten\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?5f0f2de9635842a4892e54e395e0b35a
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?5f0f2de9635842a4892e54e395e0b35a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6153 bytes

Shouldn't these entries be removed as well?

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

and

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

Kind regards,
Robbe

DJ Inpossible
17 October 2007, 14:12
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

This one is completely legitimate, and in this case the (file missing) is a small 'glitch' of HijackThis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

This one is also normal; for me, sweetim is just a search engine. If you want a different start page, it is best to change it via Tools --> Internet Options.

Could you upload this file to Jotti: C:\WINDOWS\system32\drivers\tieh dusb.sys
http://virusscan.jotti.org

Post the result in your next reply.
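To make the triage the helper is doing above repeatable, here is an added example (written for this page; it is not code from the thread or from HijackThis) that parses the entry lines of a v2 log into records and marks the ones that deserve a manual check. The sample lines are copied from the log in this thread; the flag heuristics ("file-missing", "bare-filename", "unknown-vendor", "remote-activex", "machine-wide-start-page") are my own assumptions and mean "verify this", not "this is malicious": as the reply notes, a (file missing) on a .lnk entry can simply be a HijackThis quirk.

```python
"""Parse HijackThis v2 log entries and flag those that need manual verification.

Added example, not HijackThis code. Assumes the v2.0.2 line shapes seen above:
  'R0 - <key>,<value> = <data>'
  'O2 - BHO: <name> - {CLSID} - <path>'
  'O4 - <hive>\\..\\Run: [<label>] <command>'
  'O9 - Extra button: <name> - {CLSID} - <path>'
  'O16 - DPF: {CLSID} (<name>) - <url>'
  'O23 - Service: <name> (<short>) - <vendor> - <path>'
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a few lines copied verbatim from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Babs\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    kind: str                                   # R0, O2, O4, ... as printed by HijackThis
    body: str                                   # everything after 'Oxx - '
    flags: List[str] = field(default_factory=list)


def has_full_path(cmd: str) -> bool:
    """True when the program is named with a drive letter or %VAR% prefix.

    A bare name such as 'mmrtkrnl.exe' is resolved through PATH at logon,
    so the analyst has to locate the file before judging the entry.
    """
    return bool(re.search(r'(?:^"?[A-Za-z]:\\|%[^%]+%\\)', cmd))


def assess(entry: Entry) -> List[str]:
    """Heuristic flags (assumptions of this example): each one means 'verify by hand'."""
    flags: List[str] = []
    if "(file missing)" in entry.body:
        # Can be a real orphan or a HijackThis quirk on .lnk targets; check on disk.
        flags.append("file-missing")
    if entry.kind == "O4":
        m = O4_RE.match(entry.body)
        if m and not has_full_path(m["cmd"]):
            flags.append("bare-filename")
    elif entry.kind == "O23":
        m = O23_RE.match(entry.body)
        if m and m["vendor"].lower() == "unknown owner":
            flags.append("unknown-vendor")         # no vendor in the service's version info
    elif entry.kind == "O16":
        flags.append("remote-activex")             # DPF = ActiveX fetched from a URL
    elif entry.kind == "R0" and entry.body.startswith("HKLM\\") and "Start Page" in entry.body:
        flags.append("machine-wide-start-page")    # HKLM overrides every user's default
    return flags


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per 'Rn - ' / 'On - ' line; process list and footer are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(m["kind"], m["body"])
        entry.flags = assess(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that carry at least one flag, for the analyst's to-check list."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:<4} {', '.join(e.flags):<24} {e.body}")
```

On the sample, the four unflagged-or-flagged outcomes match the reply above: the Java BHO and the iTunes run entry come out clean, the IMVU button is marked only "file-missing" (to be confirmed on disk, exactly the check the helper performed mentally), and the sweetim line is reported as a machine-wide start page rather than as anything malicious.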