Virus won't go away

  • hanswil

    Also, I now get Windows Update automatically.

  • Argus

    Go to Start - Run and enter the following:

    Combofix /u

    This will uninstall Combofix.

    Download LopSD to your Desktop.

    Double-click to start it, type N (for Dutch), press Enter, and then type 2 to remove CID

    And a Hijack This log

  • hanswil

    Now, via the infected computer, the logfile:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:29:15, on 12-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Norman\Npm\Bin\Zanda.exe

    C:\Program Files\Norman\npm\bin\nvoy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program Files\Windows Media Player\WMPNetwk.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Norman\nse\bin\NSESVC.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    C:\Program Files\Norman\Npm\Bin\ZLH.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\Radek Tiny Software\Windows Communicator\Communicator.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    C:\Program Files\Norman\Nvc\Bin\Nip.exe

    C:\Program Files\Norman\Nvc\Bin\cclaw.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe

    O4 - HKLM\..\Run: C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKCU\..\Run: "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Communicator.lnk = ?

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hans\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl/

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131620512647

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE

    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Windows Communicator server (WinComServer) - Radek Tiny Software - C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    End of file - 14267 bytes

    And the LopR file

    ——————–\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3

    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1700MHz )

    BIOS : Award Medallion BIOS v6.0

    USER : Hans ( Administrator )

    BOOT : Normal boot

    Antivirus : NOD32 antivirus systeem 2.50 2.50 (Not Activated)

    A:\ (USB)

    C:\ (Local Disk) - FAT32 - Total:53 Go (Free:2 Go)

    D:\ (Local Disk) - FAT32 - Total:38 Go (Free:30 Go)

    E:\ (CD or DVD)

    F:\ (CD or DVD)

    G:\ (Local Disk) - NTFS - Total:18 Go (Free:14 Go)

    H:\ (Local Disk) - FAT32 - Total:22 Go (Free:5 Go)

    I:\ (USB) - FAT32 - Total:7683 Mo (Free:3 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

    Option : ( ma 12-01-2009|20:14 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

    Verwijderd ! - C:\WINDOWS\Tasks\ABF43AB5918BB019.job

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\EGGS WAIT.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\Objdent32.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\ciddpxvp.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\qupkxqiz.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\yvphlmwj.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\hoejvndr.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\quqvqgvt.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\dyjcwimf.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\pznolwiu.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\lpktsnaa.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\prnjswhl.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\xefxvdye.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\uwrsunsd.exe

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1\vfafanuq.exe

    Verwijderd ! - C:\DOCUME~1\Hans\MENUST~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk

    Verwijderd ! - C:\DOCUME~1\HANS\APPLIC~1\regsba~1

    Verwijderd ! - C:\Program Files\regsba~1

    Verwijderd ! - C:\DOCUME~1\Hans\MENUST~1\PROGRA~1\BitDownload

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    ——————–\\ Beschrijving van mappen in APPLIC~1

    C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes

    C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\iso loud test bolt

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Postbank

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wanadoo

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

    C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes

    C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

    C:\DOCUME~1\LOCALS~1\APPLIC~1\HPAppData

    C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia

    C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore

    C:\DOCUME~1\LOCALS~1\APPLIC~1\Wanadoo

    C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

    C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes

    C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

    C:\DOCUME~1\HANS\APPLIC~1\Adobe

    C:\DOCUME~1\HANS\APPLIC~1\AdobeUM

    C:\DOCUME~1\HANS\APPLIC~1\Ahead

    C:\DOCUME~1\HANS\APPLIC~1\Apple Computer

    C:\DOCUME~1\HANS\APPLIC~1\Canon

    C:\DOCUME~1\HANS\APPLIC~1\CyberLink

    C:\DOCUME~1\HANS\APPLIC~1\Google

    C:\DOCUME~1\HANS\APPLIC~1\Help

    C:\DOCUME~1\HANS\APPLIC~1\HP

    C:\DOCUME~1\HANS\APPLIC~1\HPAppData

    C:\DOCUME~1\HANS\APPLIC~1\Identities

    C:\DOCUME~1\HANS\APPLIC~1\Jasc

    C:\DOCUME~1\HANS\APPLIC~1\Jasc Software Inc

    C:\DOCUME~1\HANS\APPLIC~1\Lavasoft

    C:\DOCUME~1\HANS\APPLIC~1\Leadertech

    C:\DOCUME~1\HANS\APPLIC~1\Macromedia

    C:\DOCUME~1\HANS\APPLIC~1\Malwarebytes

    C:\DOCUME~1\HANS\APPLIC~1\Microsoft

    C:\DOCUME~1\HANS\APPLIC~1\Motive

    C:\DOCUME~1\HANS\APPLIC~1\MSN6

    C:\DOCUME~1\HANS\APPLIC~1\PC Tools

    C:\DOCUME~1\HANS\APPLIC~1\PlayFirst

    C:\DOCUME~1\HANS\APPLIC~1\Roxio

    C:\DOCUME~1\HANS\APPLIC~1\Skype

    C:\DOCUME~1\HANS\APPLIC~1\Sun

    C:\DOCUME~1\HANS\APPLIC~1\SUPERAntiSpyware.com

    C:\DOCUME~1\HANS\APPLIC~1\Symantec

    C:\DOCUME~1\HANS\APPLIC~1\uTorrent

    C:\DOCUME~1\HANS\APPLIC~1\Wanadoo

    C:\DOCUME~1\HANS\APPLIC~1\Webroot

    C:\DOCUME~1\HANS\APPLIC~1\Windows Live Safety Center

    C:\DOCUME~1\HANS\APPLIC~1\ZoomBrowser EX

    C:\DOCUME~1\HANS\APPLIC~1\Zylom

    C:\DOCUME~1\HANS\APPLIC~1\bytes

    C:\DOCUME~1\HANS\APPLIC~1\bytes beschikbaar

    C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools

    C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes

    C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar

    ——————–\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

    C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

    C:\WINDOWS\tasks\SA.DAT

    C:\WINDOWS\tasks\desktop.ini

    ——————–\\ Beschrijving van mappen in C:\Program Files

    C:\Program Files\Adobe

    C:\Program Files\Ahead

    C:\Program Files\Arcade!

    C:\Program Files\BitLord

    C:\Program Files\Bullfrog

    C:\Program Files\Canon

    C:\Program Files\CleanUp!

    C:\Program Files\CoffeeCup Software

    C:\Program Files\Common Files

    C:\Program Files\ComPlus Applications

    C:\Program Files\CyberLink

    C:\Program Files\CyberQix

    C:\Program Files\directx

    C:\Program Files\Eset

    C:\Program Files\Fisher

    C:\Program Files\FontsPsP

    C:\Program Files\Freeze.com

    C:\Program Files\FTDv3.7.3

    C:\Program Files\Google

    C:\Program Files\GrabIt

    C:\Program Files\hans cd

    C:\Program Files\Hema Album Software

    C:\Program Files\Hewlett-Packard

    C:\Program Files\HighMAT CD Writing Wizard

    C:\Program Files\hijack this

    C:\Program Files\HP

    C:\Program Files\Hyves Kwekker

    C:\Program Files\Incomplete

    C:\Program Files\Infogrames

    C:\Program Files\InstallShield Installation Information

    C:\Program Files\Intel

    C:\Program Files\Internet Explorer

    C:\Program Files\Iomega

    C:\Program Files\iPod

    C:\Program Files\iTunes

    C:\Program Files\Jasc Software Inc

    C:\Program Files\Java

    C:\Program Files\Kodak

    C:\Program Files\Lavasoft

    C:\Program Files\Lavasoft(2)

    C:\Program Files\LimeWire

    C:\Program Files\LWLente

    C:\Program Files\Macrogaming

    C:\Program Files\Malwarebytes' Anti-Malware

    C:\Program Files\Mattel Interactive

    C:\Program Files\Messenger

    C:\Program Files\Microsoft CAPICOM 2.1.0.2

    C:\Program Files\microsoft frontpage

    C:\Program Files\Microsoft Office

    C:\Program Files\Mindscape

    C:\Program Files\Movie Maker

    C:\Program Files\Mozilla Firefox

    C:\Program Files\MP3 Player Utilities 3.78

    C:\Program Files\MSN

    C:\Program Files\MSN Gaming Zone

    C:\Program Files\MSN Messenger

    C:\Program Files\MSPress

    C:\Program Files\MSXML 4.0

    C:\Program Files\Neckermann Fotoservice

    C:\Program Files\Nero

    C:\Program Files\NetMeeting

    C:\Program Files\NewsLeecher

    C:\Program Files\NickOnline

    C:\Program Files\Norman

    C:\Program Files\OfficeUpdate11

    C:\Program Files\Online Services

    C:\Program Files\Outlook Express

    C:\Program Files\Picasa2

    C:\Program Files\Postbank Blue World Sjoelspel

    C:\Program Files\QuickPar

    C:\Program Files\QuickTime

    C:\Program Files\Radek Tiny Software

    C:\Program Files\RegCleaner

    C:\Program Files\Roxio

    C:\Program Files\SAGEM

    C:\Program Files\Samsung

    C:\Program Files\Skype

    C:\Program Files\Spybot - Search & Destroy

    C:\Program Files\Spyware Doctor

    C:\Program Files\SpywareBlaster

    C:\Program Files\SUPERAntiSpyware

    C:\Program Files\SweetIM

    C:\Program Files\Thuishelp

    C:\Program Files\ToniArts

    C:\Program Files\Trend Micro

    C:\Program Files\Uninstall Information

    C:\Program Files\Wanadoo

    C:\Program Files\Webroot

    C:\Program Files\WIDCOMM

    C:\Program Files\Winamp

    C:\Program Files\Windows Live

    C:\Program Files\Windows Live Favorites

    C:\Program Files\Windows Live Safety Center

    C:\Program Files\Windows Live Toolbar

    C:\Program Files\Windows Media Connect 2

    C:\Program Files\Windows Media Player

    C:\Program Files\Windows NT

    C:\Program Files\WindowsUpdate

    C:\Program Files\WinRAR

    C:\Program Files\WinZip

    C:\Program Files\xerox

    C:\Program Files\Yahoo!

    C:\Program Files\Zwijsen

    C:\Program Files\Zylom Games

    C:\Program Files\bytes

    C:\Program Files\bytes beschikbaar

    ——————–\\ Beschrijving van mappen in C:\Program Files\Common Files

    C:\Program Files\Common Files\Adobe

    C:\Program Files\Common Files\Ahead

    C:\Program Files\Common Files\Canon

    C:\Program Files\Common Files\Designer

    C:\Program Files\Common Files\Hewlett-Packard

    C:\Program Files\Common Files\HP

    C:\Program Files\Common Files\InstallShield

    C:\Program Files\Common Files\Java

    C:\Program Files\Common Files\Kodak

    C:\Program Files\Common Files\Microsoft Shared

    C:\Program Files\Common Files\Motive

    C:\Program Files\Common Files\MSSoap

    C:\Program Files\Common Files\Nero

    C:\Program Files\Common Files\ODBC

    C:\Program Files\Common Files\Roxio Shared

    C:\Program Files\Common Files\Services

    C:\Program Files\Common Files\Skype

    C:\Program Files\Common Files\SpeechEngines

    C:\Program Files\Common Files\SWF Studio

    C:\Program Files\Common Files\Symantec Shared

    C:\Program Files\Common Files\System

    C:\Program Files\Common Files\Wise Installation Wizard

    C:\Program Files\Common Files\bytes

    C:\Program Files\Common Files\bytes beschikbaar

    ——————–\\ Process

    ( 62 Processes )

    … OK !

    ——————–\\ Zoeken met S_Lop

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken naar Lop Bestanden - Mappen

    Geen Lop mappen gevonden !

    ——————–\\ Zoeken doorheen het Register

    ….. OK !

    ——————–\\ Nazicht van het Hosts bestand

    Hosts bestand IN ORDE

    ——————–\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-01-12 20:21:31

    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes …

    scanning hidden files …

    scan completed successfully

    hidden processes: 0

    hidden files: 0

    ——————–\\ Zoeken naar andere infecties

    Geen andere infecties gevonden !

    -> C:\DOCUME~1\Hans\LOCALS~1\Temp

    -> C:\DOCUME~1\Hans\Cookies

    -> C:\DOCUME~1\Hans\LOCALS~1\TEMPOR~1\content.IE5

    -> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - ma 12-01-2009|20:23 - Option :

    ——————–\\ Scan voltooid om 20:23:15

  • Argus

    Close all windows and start Hijack This

    Click: Do a system scan only

    Put a check mark in the box in front of:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe

    Click: Fix checked

    Internet Explorer must be closed when you click Fix checked

    Show hidden files: http://users.pandora.be/marcvn/spyware/1117602.htm

    Delete

    C:\Documents and Settings\All Users\Application Data\iso loud test bolt
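
The entries selected in the post above are either orphaned registrations (`(no file)`) or a Run autostart that launches from an Application Data folder. The sketch below automates that kind of triage as an added example; it is not part of the original thread or of HijackThis, the rule set and names such as `triage` are assumptions, and it surfaces candidates for manual review rather than reproducing Argus's selection.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: a handful of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")

# Assumption: profile data and temp folders (long and 8.3 short names) are
# user-writable locations where an autostart binary deserves a second look.
USER_WRITABLE_DIRS = (
    "\\application data\\",
    "\\applic~1\\",
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
)


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # "orphaned" or "autostart-from-profile"
    line: str     # entry text after the section code


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; process paths and header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Flag entries that a reviewer should inspect by hand."""
    findings = []
    for section, body in parse_entries(log_text):
        lowered = body.lower()
        # Registration still present, but the file it points to is gone.
        if lowered.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(section, "orphaned", body))
        # Registry Run autostart whose command lives in a user-writable folder.
        elif section == "O4" and "run:" in lowered:
            command = body.split(":", 1)[1].strip().strip('"\u201c\u201d')
            if any(folder in command.lower() for folder in USER_WRITABLE_DIRS):
                findings.append(Finding(section, "autostart-from-profile", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.section} - {finding.line}")
```

A flagged line is only a lead: legitimate software also leaves `(file missing)` leftovers after an uninstall, so each hit still needs a manual check before it is fixed.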

  • hanswil

    Sorry Argus, I do understand how one can show hidden files, however users.pandora.be/marcvn/spyware/1117602.htm

    where can I find that?

  • hanswil

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:28:42, on 13-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Norman\Npm\Bin\Zanda.exe

    C:\Program Files\Norman\npm\bin\nvoy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program Files\Windows Media Player\WMPNetwk.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Program Files\Norman\Npm\Bin\ZLH.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    C:\Program Files\Radek Tiny Software\Windows Communicator\Communicator.exe

    C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Norman\nse\bin\NSESVC.EXE

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    C:\Program Files\Norman\Nvc\Bin\Nip.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Norman\Nvc\Bin\cclaw.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKCU\..\Run: "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Communicator.lnk = ?

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hans\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl/

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131620512647

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE

    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Windows Communicator server (WinComServer) - Radek Tiny Software - C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    End of file - 13808 bytes

    New log file after I removed everything according to the list.

  • Argus

    Looks good again, except that you are now using two virus scanners.

  • hanswil

    2 virus scanners?

    I only have Norman, don't I?

    Which one should I remove?

    Thanks for all the help. SUPER.

  • Argus

    C:\Program Files\Eset\nod32

    Or is HitmanPro perhaps installed on your PC?

  • hanswil

    No, I removed HitmanPro, but it did not come off completely.

    Removed via Control Panel - Software.