antivirus.startpagina.nl

surfesave.exe

  • Anonymous avatar

    Piet

    Resume.

    Juiste HJT downloaden en gebruiken.

    Plaats dan nogmaals een logje ter controle.

    Stukje uit de handleiding.

    >>6. Download HijackThis.

    Windows XP gebruikers:

    - Dubbelklik op HJTInstall.

    - Hijackthis versie (2.0.4) wordt nu op de PCgeïnstalleerd, een snelkoppeling wordt op het bureaublad geplaatst.

    - Dubbelklik op het Icoontje van Hijackthis om het programma te starten.

    - Klik op “Do a systemscan and save a logfile”.

    - Er opent een Kladblok venster, houd gelijktijdig de CTRL en A toets ingedrukt, nu is alles geselecteerd.

    - Houd gelijktijdig de CTRL en C toets ingedrukt, nu is alles gekopieerd.<<

  • Anonymous avatar

    fazantje

    Hoi Kale Roy,

    De nieuwste versie van HijackThis vind je in de volgende link, punt 6:

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

    Ik ben op het moment de enigste helper op dit prikbord, i.v.m. vakanties.

    Aangezien ik nog niet alles van combofix eruit kan halen, moet je even geduld hebben tot zaterdag, want dan heb ik weer ondersteuning om jou goed verder te helpen.

    Ik zie al wel delen van surfsave in combo dus even geduld graag.

    Groetjes Huib:)

  • Anonymous avatar

    kale_roy

    Ik vind het frapant Huib maar als ik op het instalatiebestandje van hj ga staan en rechtermuisknop doe dan krijg ik niet in het menu open als administrator vreemd ….

  • Anonymous avatar

    fazantje

    Hoi Roy,

    Probeer hem eens gewoon te installeren, als dit is gebeurt, dan ga je naar: Deze computer (of C schijf) - dan open de map Program files - dan open je de map Trend Micro.

    Nu zie je weer het HijackThis Icoontje. Klik met de rechtermuisknop hierop en dan uitvoeren als administrator.

    Succes,

    Huib:)

  • Anonymous avatar

    kale_roy

    EUREKA ja nu werkt hij die vervelende surfesave is nu wel weg uit mijn opstart lijst bij processen mijn laptop is weer lekker snel .bij deze het hj log ik reageer vamiddag wel even ik moet nu aan mijn werk

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:53:36, on 5-8-2010

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18928)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\Help32\safesurf.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Live\Toolbar\wltuser.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKLM\..\Run: C:\Windows\Help32\safesurf.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    End of file - 4690 bytes

  • Anonymous avatar

    fazantje

    Hoi Roy,

    Wees nog niet TE blij;)

    Savesurf is nog zeker aanwezig, zie o.a.:

    O4 - HKLM\..\Run: C:\Windows\Help32\safesurf.exe

    En in combofix zie ik ook nog delen van combofix zitten.

    Zoals ik al zei, heb even geduld tot zaterdag.

    Groetjes Huib:)

  • Anonymous avatar

    kale_roy

    Zal ik zeker doen Huib maar heb hem wel in msconfig opstarten uitgeschakeld.

  • Anonymous avatar

    Killerbee

    Even geduld zal er straks naar kijken.

  • Anonymous avatar

    fazantje

    Hoi Roy,

    Het heeft iets langer geduurd, maar hier dan toch het vervolg van Combofix.

    Doe het volgende:

    Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

    • File::

      c:\windows\help32\safesurf.exe

      “jsafesurf”=“c:\windows\Help32\safesurf.exe”

    Sla dit op op je Bureaublad als CFScript.txt

    Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

    Dit zal ComboFix doen herstarten.

    Start opnieuw op als daarom gevraagd wordt,

    en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

    Succes,

    Huib:)

  • Anonymous avatar

    kale_roy

    Bij deze de logs huis heb alles uitgevoerd waar je om vroeg

    ComboFix 10-08-08.03 - Beheerder 09-08-2010 21:34:38.2.1 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.413

    Gestart vanuit: c:\users\Beheerder\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Beheerder\Desktop\CFScript.exe

    AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    * Aanwezig AV is actief

    FILE ::

    “c:\windows\help32\safesurf.exe”

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\help32\safesurf.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))))

    .

    2010-08-09 19:42 . 2010-08-09 19:42 ——– d—–w- c:\users\Beheerder\AppData\Local\temp

    2010-08-09 19:42 . 2010-08-09 19:42 ——– d—–w- c:\users\Public\AppData\Local\temp

    2010-08-09 19:42 . 2010-08-09 19:42 ——– d—–w- c:\users\Default\AppData\Local\temp

    2010-08-07 18:45 . 2010-08-07 18:45 5642000 —-a-w- c:\users\Beheerder\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

    2010-08-05 15:21 . 2010-08-08 09:24 ——– d—–w- c:\program files\WhatsRunning

    2010-08-02 17:42 . 2010-08-02 20:22 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2010-08-02 17:02 . 2009-10-09 21:56 2048 —-a-w- c:\windows\system32\winrsmgr.dll

    2010-08-02 17:00 . 2010-08-02 17:00 ——– d—–w- c:\program files\Synaptics

    2010-08-02 15:09 . 2010-08-02 15:09 22 –sha-w- c:\windows\Sys3390 SettingsCollection.bin

    2010-08-02 15:09 . 2010-08-02 15:09 22 –sha-w- c:\users\Beheerder\AppData\Roaming\Sys6925.Config Collection.sys

    2010-07-29 19:55 . 2010-07-29 19:55 ——– d—–w- c:\users\Beheerder\AppData\Roaming\YoudaGames

    2010-07-29 19:55 . 2010-08-09 19:41 ——– d—–w- c:\windows\Help32

    2010-07-29 19:55 . 2010-07-29 19:55 ——– d—–w- c:\windows\system32\weber

    2010-07-29 19:55 . 2010-07-29 19:55 ——– d—–w- c:\program files\Youda Games

    2010-07-22 19:53 . 2010-07-23 08:33 ——– d—–w- c:\windows\Governor of Poker

    2010-07-22 19:53 . 2010-07-22 19:53 ——– d—–w- c:\program files\Governor of Poker

    2010-07-22 15:57 . 2010-07-22 15:57 ——– d—–w- c:\program files\DVD Shrink

    2010-07-20 21:05 . 2010-07-20 21:05 ——– d—–w- c:\programdata\Dekovir

    2010-07-20 13:11 . 2010-07-20 13:18 ——– d—–w- c:\program files\DirectVobSub

    2010-07-20 12:51 . 2010-07-20 12:51 ——– d—–w- c:\windows\Downloaded Installations

    2010-07-16 11:50 . 2009-09-02 14:41 102439 —-a-w- c:\windows\system32\sipr3260.dll

    2010-07-16 11:50 . 2009-09-02 14:41 65602 —-a-w- c:\windows\system32\cook3260.dll

    2010-07-16 11:50 . 2009-09-02 14:41 626688 —-a-w- c:\windows\system32\vp7vfw.dll

    2010-07-16 11:50 . 2009-09-02 14:41 217127 —-a-w- c:\windows\system32\drv43260.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-09 17:00 . 2010-05-14 15:58 ——– d—–w- c:\users\Beheerder\AppData\Roaming\vlc

    2010-08-09 16:29 . 2009-01-24 15:14 ——– d—–w- c:\users\Beheerder\AppData\Roaming\GrabIt

    2010-08-08 01:16 . 2009-10-22 19:32 ——– d—–w- c:\users\Beheerder\AppData\Roaming\dvdcss

    2010-08-07 17:52 . 2008-01-21 06:47 677188 —-a-w- c:\windows\system32\perfh013.dat

    2010-08-07 17:52 . 2008-01-21 06:47 130186 —-a-w- c:\windows\system32\perfc013.dat

    2010-08-03 14:36 . 2010-01-03 09:58 ——– d—–w- c:\program files\BearShare Applications

    2010-08-03 12:58 . 2010-05-23 09:32 ——– d—–w- c:\users\Beheerder\AppData\Roaming\Winamp

    2010-08-02 17:34 . 2006-05-09 16:24 103573 —ha-w- c:\users\Beheerder\AppData\Roaming\Beheerderlog.dat

    2010-08-02 17:00 . 2010-08-02 17:00 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

    2010-07-27 21:50 . 2009-02-13 18:53 ——– d—–w- c:\programdata\DVD Shrink

    2010-07-16 12:58 . 2010-07-13 19:59 ——– d—–w- c:\users\Beheerder\AppData\Roaming\Vso

    2010-07-16 11:51 . 2010-07-13 19:59 47360 —-a-w- c:\users\Beheerder\AppData\Roaming\pcouffin.sys

    2010-07-16 11:51 . 2010-07-13 19:59 47360 —-a-w- c:\users\Beheerder\AppData\Roaming\pcouffin.sys

    2010-07-16 11:50 . 2010-07-13 19:59 ——– d—–w- c:\program files\VSO

    2010-07-16 11:40 . 2009-02-11 21:10 ——– d—–w- c:\program files\WinAVI Video Converter

    2010-07-15 18:43 . 2010-07-15 18:43 ——– d—–w- c:\programdata\vsosdk

    2010-07-15 01:04 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail

    2010-07-13 19:59 . 2010-07-13 19:59 47360 —-a-w- c:\windows\system32\drivers\pcouffin.sys

    2010-07-10 18:56 . 2010-07-10 18:56 ——– d—–w- c:\users\Beheerder\AppData\Roaming\TikisLab

    2010-07-10 18:55 . 2010-07-10 18:55 ——– d—–w- c:\program files\Games

    2010-07-01 20:09 . 2010-07-01 20:09 ——– d—–w- c:\program files\Microsoft.NET

    2010-06-26 05:52 . 2009-08-08 20:59 ——– d—–w- c:\program files\PokerStars

    2010-05-26 17:06 . 2010-06-11 16:06 34304 —-a-w- c:\windows\system32\atmlib.dll

    2010-05-26 14:47 . 2010-06-11 16:06 289792 —-a-w- c:\windows\system32\atmfd.dll

    2010-05-21 12:14 . 2009-10-02 23:44 221568 ——w- c:\windows\system32\MpSigStub.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”

    “Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”

    “nod32kui”=“c:\program files\Eset\nod32kui.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “EnableUIADesktopToggle”= 0 (0x0)

    @=“Service”

    2010-06-09 08:06 976832 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    2010-06-20 02:04 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    2009-11-24 21:49 1738040 —-a-w- c:\program files\CCleaner\CCleaner.exe

    2010-01-22 18:16 141608 —-a-w- c:\program files\iTunes\iTunesHelper.exe

    2009-07-26 14:44 3883856 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    2009-11-10 22:08 417792 —-a-w- c:\program files\QuickTime\QTTask.exe

    2009-01-24 17:42 136600 —-a-w- c:\program files\Java\jre6\bin\jusched.exe

    2010-05-19 14:37 37888 —-a-w- c:\program files\Winamp\winampa.exe

    “VistaSp2”=hex(b):20,55,0a,69,04,25,ca,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys

    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys

    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    mStart Page = hxxp://www.tinit.org/

    LSP: c:\windows\system32\imon.dll

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-08-09 21:42

    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    “hanaglkelgmjdape”=hex:6a,61,61,61,6b,6a,6d,61,6d,6c,6e,63,6c,63,61,6d,67,6e,

    69,70,00,00

    “iapfnelhhmnpbkjjon”=hex:63,61,67,70,6a,6a,00,7f

    “iadamlgihijbidelod”=hex:6a,61,61,61,6b,6a,6d,61,6d,6c,6e,63,6c,63,61,6d,67,6e,

    69,70,00,00

    “dbfaomodopjongocomgbgkjfbaccmllphipdoagi”=hex:68,61,6b,64,6c,61,70,64,6d,6e,

    6c,62,68,69,62,6e,00,00

    “jbfaomodopjongocomgbjlkkgpchahenlcdmjlkffikmkghelcih”=hex:68,61,6b,64,6c,61,

    70,64,6d,6e,6c,62,68,69,62,6e,00,00

    “dbfaomodopjongocomgblkglhmhmkponbdogeoen”=hex:62,61,6e,63,00,67

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    Voltooingstijd: 2010-08-09 21:47:13

    ComboFix-quarantined-files.txt 2010-08-09 19:46

    ComboFix2.txt 2010-08-03 15:17

    Pre-Run: 35.869.597.696 bytes beschikbaar

    Post-Run: 35.828.420.608 bytes beschikbaar

    - - End Of File - - 38B66C1A90583C4E34F8C4F762C69E27

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:52:22, on 9-8-2010

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18928)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Windows\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Live\Toolbar\wltuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    End of file - 4533 bytes