Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO verwijderen.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

hoi,

ComboFix 08-03-07.1 - Eigenaar 2008-03-07 18:35:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.354 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar.VICOMPUTER\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
.

2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\825051.dll
2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\6961c60.dll
2008-03-06 17:29 . 2008-03-06 17:29 <DIR> d--hs---- C:\found.000
2008-03-05 14:56 . 2008-03-05 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 12:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-29 12:21 . 2008-02-29 12:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 12:09 . 2008-03-06 19:22 <DIR> d-------- C:\Program Files\Windows Live
2008-02-29 12:09 . 2008-02-29 12:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 12:09 . 2008-02-29 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 19:06 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-25 19:06 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-25 19:05 . 2008-02-25 19:05 <DIR> d-------- C:\Nexon
2008-02-25 19:05 . 2008-02-25 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\67f52be.dll
2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\147ac8e0.dll
2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2dda49b.dll
2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1f81e02c.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b2970f0.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\98e029a.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\18c2b920.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\13f9c6a7.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2b322ce8.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2a4c0e9.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1a0f96d9.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\198dffd0.dll
2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b19efcd.dll
2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\2bb04000.dll
2008-02-10 18:22 . 2008-02-10 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-10 18:20 . 2008-02-10 18:20 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-02-10 18:20 . 2008-02-10 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-10 18:19 . 2008-02-10 18:19 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-10 18:15 . 2008-02-10 18:16 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-10 18:14 . 2008-02-10 18:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-10 18:03 . 2008-02-10 18:24 90,186 --a------ C:\WINDOWS\hpoins06.dat
2008-02-10 18:03 . 2005-06-03 06:53 5,389 --------- C:\WINDOWS\hpomdl06.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 14:04 --------- d-----w C:\Program Files\Catan
2008-03-05 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 13:45 --------- d-----w C:\Program Files\EA GAMES
2008-02-11 14:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 18:36 --------- d-----w C:\Documents and Settings\Eigenaar.VICOMPUTER\Application Data\HP
2008-02-10 17:22 --------- d-----w C:\Program Files\HP
2008-02-01 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-21 19:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-23 01:30 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:32 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-10-23 01:30 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-07 03:18 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Eigenaar.VICOMPUTER\Menu Start\Programma's\Opstarten\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-30 10:39:34 557568]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 10:10:19 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Nexon\\KartRider\\NMService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2006-02-26 16:21]

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-06 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-03-03 20:23:36 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - Eigenaar.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 18:39:11
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-07 18:39:42
ComboFix-quarantined-files.txt 2008-03-07 17:39:39
.
2008-03-01 21:52:28 --- E O F ---

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.


@ECHO OFF
IF EXIST log.txt DEL log.txt
ATTRIB -r -s -h C:\found.000
rd /s /q C:\found.000
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\825051.dll
C:\WINDOWS\system32\6961c60.dll
C:\found.000
C:\WINDOWS\system32\67f52be.dll
C:\WINDOWS\system32\147ac8e0.dll
C:\WINDOWS\system32\2dda49b.dll
C:\WINDOWS\system32\1f81e02c.dll
C:\WINDOWS\system32\b2970f0.dll
C:\WINDOWS\system32\98e029a.dll
C:\WINDOWS\system32\18c2b920.dll
C:\WINDOWS\system32\13f9c6a7.dll
C:\WINDOWS\system32\2b322ce8.dll
C:\WINDOWS\system32\2a4c0e9.dll
C:\WINDOWS\system32\1a0f96d9.dll
C:\WINDOWS\system32\198dffd0.dll
C:\WINDOWS\system32\b19efcd.dll
C:\WINDOWS\system32\2bb04000.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Meldt of er nog problemen zijn.

Deleting files
C:\WINDOWS\system32\825051.dll deleted
C:\WINDOWS\system32\6961c60.dll deleted
C:\found.000 not found
C:\WINDOWS\system32\67f52be.dll deleted
C:\WINDOWS\system32\147ac8e0.dll deleted
C:\WINDOWS\system32\2dda49b.dll deleted
C:\WINDOWS\system32\1f81e02c.dll deleted
C:\WINDOWS\system32\b2970f0.dll deleted
C:\WINDOWS\system32\98e029a.dll deleted
C:\WINDOWS\system32\18c2b920.dll deleted
C:\WINDOWS\system32\13f9c6a7.dll deleted
C:\WINDOWS\system32\2b322ce8.dll deleted
C:\WINDOWS\system32\2a4c0e9.dll deleted
C:\WINDOWS\system32\1a0f96d9.dll deleted
C:\WINDOWS\system32\198dffd0.dll deleted
C:\WINDOWS\system32\b19efcd.dll deleted
C:\WINDOWS\system32\2bb04000.dll deleted

Ik heb de pop-ups niet vaak, maar af en toe, dus ik kan niet snel checken of ze weg zijn, maar ik denk het wel dus heel erg bedankt!

Doe dit nog:

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Post als laatste nog een nieuw logje van Hijackthis ter controle

heel erg bedankt en altjeblieft, hier is het logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:37, on 7-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9028 bytes

Graag gedaan hoor

Je logje ziet er ook weer prima uit