Mededeling

Collapse
No announcement yet.

Partypoker en andere onhebbelijkheden

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Partypoker en andere onhebbelijkheden

    Hoe ik het binnengehaald heb weet ik niet maar recent wordt ik regelmatig geconfronteerd met een spontaan opnenende browser op www.partypoker.com (en ook andere sites)

    Mijn log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:17, on 10-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
    C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0413&s=search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLMO~1\CleanReg.exe
    O4 - HKLM\..\Run: [ADSLSYSTEMTRAY] C:\PROGRA~1\ADSLMO~1\Systemtray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
    O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115572382923
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://collaboration.fbk.eur.nl/Livelink92support/exppro/isetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://collaboration.fbk.eur.nl/Livelink92support/webedit/lledit.cab
    O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\OLAFBI~1\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 12608 bytes

    Groeten,
    obiemond

  • #2
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Hierbij de DSS textfile.
      Naast partypoker komen er ook andere popups van bijv. 888.com en zojuist een belgische site.

      Ik heb overigens naast Spybot en Ad-Aware ook AVG antispyware gedraaid.



      Deckard's System Scanner v20071014.68
      Run by Olaf Biemond on 2008-04-10 18:00:17
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      14: 2008-04-10 16:00:32 UTC - RP798 - Deckard's System Scanner Restore Point
      13: 2008-04-08 17:10:08 UTC - RP797 - Software Distribution Service 3.0
      12: 2008-04-07 17:14:50 UTC - RP796 - Controlepunt van systeem
      11: 2008-04-06 13:47:10 UTC - RP795 - Controlepunt van systeem
      10: 2008-04-04 17:06:43 UTC - RP794 - Controlepunt van systeem


      -- First Restore Point --
      1: 2008-03-22 12:37:18 UTC - RP785 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Olaf Biemond.exe) ----------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:08:03, on 10-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
      C:\WINDOWS\System32\CTsvcCDA.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
      C:\COMPAQ\CPQINET\CPQInet.exe
      C:\Compaq\EAKDRV\EAUSBKBD.EXE
      C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Documents and Settings\Olaf Biemond\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Olaf Biemond.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0413&s=search&ap=b204
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
      O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
      O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
      O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
      O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLMO~1\CleanReg.exe
      O4 - HKLM\..\Run: [ADSLSYSTEMTRAY] C:\PROGRA~1\ADSLMO~1\Systemtray.exe
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
      O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
      O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
      O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115572382923
      O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://collaboration.fbk.eur.nl/Livelink92support/exppro/isetup.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
      O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://collaboration.fbk.eur.nl/Livelink92support/webedit/lledit.cab
      O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\OLAFBI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 12321 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
      S1 EAWDMFD - c:\windows\system32\drivers\eawdmfd.sys (file missing)
      S3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
      S3 basic2 - c:\windows\system32\drivers\hsf_bsc2.sys (file missing)
      S3 CnxTrUsb (Conexant USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys <Not Verified; Conexant; Conexant USB Network Device>
      S3 EU3_USB (WLAN miniUSB Driver) - c:\windows\system32\drivers\eu3usb.sys <Not Verified; Intersil Americas Inc.; 802.11 Wireless LAN>
      S3 hsf_msft - c:\windows\system32\drivers\hsf_msft.sys (file missing)
      S3 Rksample - c:\windows\system32\drivers\hsf_samp.sys (file missing)
      S3 SANDRA - c:\program files\sisoftware\sisoftware sandra professional 2005.sr1\sandra.sys (file missing)
      S3 WNCPKT (WNCPKT Protocol Driver) - c:\windows\system32\drivers\wncpkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

      S2 hpdj - c:\docume~1\olafbi~1\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product= (file missing)


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Intel(R) PRO/100 VM Network Connection
      Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_00120E11&REV_03\4&122329E2&0&40F0
      Manufacturer: Compaq
      Name: Intel(R) PRO/100 VM Network Connection
      PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_00120E11&REV_03\4&122329E2&0&40F0
      Service: E100B

      Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
      Description: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
      Device ID: ACPI\PNP0303\4&163C0F35&0
      Manufacturer: (standaardtoetsenbord)
      Name: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
      PNP Device ID: ACPI\PNP0303\4&163C0F35&0
      Service: i8042prt


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-10 17:52:27 330 --a------ C:\WINDOWS\Tasks\GoogleUpdateTask.job


      -- Files created between 2008-03-10 and 2008-04-10 -----------------------------

      2008-04-07 17:39:22 0 d-------- C:\Documents and Settings\Olaf Biemond\Application Data\Grisoft
      2008-04-07 17:39:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-04-02 11:31:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-02 11:30:18 0 d-------- C:\Program Files\Spyware Doctor
      2008-04-02 11:30:18 0 d-------- C:\Documents and Settings\Olaf Biemond\Application Data\PC Tools
      2008-03-27 12:40:51 0 d-------- C:\CD Afrika
      2008-03-27 01:32:50 0 d-------- C:\Program Files\Power DVD Player
      2008-03-27 01:26:45 0 d-------- C:\DigiMode


      -- Find3M Report ---------------------------------------------------------------

      2008-04-08 09:42:20 0 d-------- C:\Program Files\Trend Micro
      2008-04-02 12:07:39 442318 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-02 12:07:39 69614 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-03-31 23:26:20 0 d-------- C:\Program Files\Google
      2008-03-28 14:25:44 0 d-------- C:\Program Files\Java
      2008-03-12 01:33:51 33536 --a------ C:\Documents and Settings\Olaf Biemond\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-04 22:26:15 0 d-------- C:\Documents and Settings\Olaf Biemond\Application Data\FileZilla
      2008-02-15 16:09:25 0 d-------- C:\Documents and Settings\Olaf Biemond\Application Data\Datalayer
      2008-02-07 13:51:19 119962 --a------ C:\WINDOWS\hpoins11.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282C89-3BD3-4387-92D9-C76428B07E07}]
      14-03-2008 20:18 156144 --a----t- C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="NvQTwk"
      "UpdReg"="C:\WINDOWS\Updreg.exe" [11-05-2000 02:00]
      "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [28-03-2001 09:00]
      "CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [15-08-2001 11:50]
      "srmclean"="C:\Cpqs\Scom\srmclean.exe" [24-07-2001 23:34]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29-03-2008 19:37]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [11-03-2003 14:08]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [04-08-2004 10:03 C:\WINDOWS\system32\bthprops.cpl]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [13-01-2006 19:52]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08-07-2006 11:37]
      "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23-03-2007 13:20]
      "CleanRegPath"="C:\PROGRA~1\ADSLMO~1\CleanReg.exe"
      "ADSLSYSTEMTRAY"="C:\PROGRA~1\ADSLMO~1\Systemtray.exe"
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [31-10-2007 11:19]
      "eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [06-03-2007 19:21]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15-07-2005 23:48]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [19-02-2006 03:41]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 11:25]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 10:03]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [19-01-2005 15:25]
      "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [22-01-2008 00:43]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12-09-2007 17:12]
      "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27-03-2007 15:58]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector"
      "Power DVD Player"="C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" [06-09-2007 09:28]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

      C:\Documents and Settings\Olaf Biemond\Menu Start\Programma's\Opstarten\
      Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [24-1-2002 15:12:56]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [19-2-2006 5:21:22]
      HP Photosmart Premier Snelstart.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [10-2-2006 8:56:20]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"=0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      @=

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs BthServ




      -- End of Deckard's System Scanner: finished at 2008-04-10 18:11:17 ------------

      Comment


      • #4
        Download Malwarebytes' Anti-Malware via hier of hier.

        Dubbelklik mbam-setup.exe om het programma te installeren.
        • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
        • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
        • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
        • Het scannen kan een tijdje duren, dus wees geduldig.
        • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
        • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
        • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
        • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
        • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

        Extra Nota:
        Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

        plaats ook een nieuw HJT logje

        Comment


        • #5
          Snelle scan heeft 0 resultaten opgeleverd!
          Heb nu de uitgebreide scan gestart.

          Comment


          • #6
            Uitreide scan: ook 0 results!

            Nou moe. Het is een hardnekkige. Ook de uitgebreide scan heeft niets opgeleverd.

            Of het iets helpt weet ik niet maar dit zijn de laatste 3 URL's waarmee ik lastig gevallen ben. Na opstarten van de computer komen er altijd 1of 2 langs en later in de tijd zo af en toe nog eens....

            http://www.vueling.com/NL/?utm_source=zan&utm_medium=cpv&utm_campaign=nl&cid=188&zanpid=1095463058253292544

            http://www.partypoker.com/marketing/new_bonus14/index1_nl_30100.htm?wm=2819464

            http://www.blinko.nl/nl/pmsdata.html?target=blinko2/splash/main/splash143_html&subparam_mk=pila5



            Malwarebytes' Anti-Malware 1.11
            Database versie: 606

            Scan type: Volledige Scan (C:\|D:\|G:\|H:\|)
            Objecten gescand: 174296
            Verstreken tijd: 2 hour(s), 49 minute(s), 14 second(s)

            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 0
            Registersleutels geïnfecteerd: 0
            Registerwaarden geïnfecteerd: 0
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 0

            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Geheugenmodulen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registersleutels geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registerwaarden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Comment


            • #7
              nieuwe HJT log

              Wellicht ten overvloede nog nieuwe HJT log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:58:06, on 11-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\WINDOWS\System32\CTsvcCDA.EXE
              C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\MsPMSPSv.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
              C:\COMPAQ\CPQINET\CPQInet.exe
              C:\Compaq\EAKDRV\EAUSBKBD.EXE
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
              C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
              C:\Program Files\Google\Gmail Notifier\gnotify.exe
              C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
              C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
              C:\Program Files\Picasa2\PicasaMediaDetector.exe
              C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
              C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
              C:\WINDOWS\System32\wbem\wmiapsrv.exe
              C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0413&s=search&ap=b204
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
              O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
              O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
              O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
              O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
              O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
              O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
              O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
              O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLMO~1\CleanReg.exe
              O4 - HKLM\..\Run: [ADSLSYSTEMTRAY] C:\PROGRA~1\ADSLMO~1\Systemtray.exe
              O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
              O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
              O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
              O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
              O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
              O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
              O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
              O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
              O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115572382923
              O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://collaboration.fbk.eur.nl/Livelink92support/exppro/isetup.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
              O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://collaboration.fbk.eur.nl/Livelink92support/webedit/lledit.cab
              O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
              O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
              O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\OLAFBI~1\LOCALS~1\Temp\hpdj.exe (file missing)
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

              --
              End of file - 12063 bytes

              Comment


              • #8
                Open een kladblokbestand.
                Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                @ECHO OFF
                SC DELETE EACMOS
                SC DELETE basic2
                SC DELETE hsf_msft
                SC DELETE Rksample
                SC DELETE SANDRA
                SC STOP WNCPKT
                SC DELETE WNCPKT
                SC DELETE hpdj
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                c:\windows\system32\drivers\wncpkt.sys) DO (
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Ga naar Bestand - Opslaan als.
                Bij "Opslaan in" kies je: Bureaublad
                Bij "Bestandsnaam" zet je: del.bat
                Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                Klik op de knop Opslaan.

                Dubbelklik op del.bat en post de inhoud van de logfile die opent.

                Comment


                • #9
                  Het resultaat:

                  Deleting files
                  c:\windows\system32\drivers\wncpkt.sys deleted

                  Comment


                  • #10
                    Krijg je nog steeds popups?

                    Comment


                    • #11
                      En zojuist opnieuw opgestart en...... vooralsnog géén partypoker!
                      Totnogtoe kwam die meteen bij opstart om de hoek dus wellicht was dit de boosdoener.
                      Ik hou het nog even in de gaten (wil niet te voreg juichen)

                      Comment


                      • #12
                        Ik hoor het wel

                        Comment


                        • #13
                          Ja zeker. Ontzettend bedankt voor de snelle en deskundige hulp!

                          Uit nieuwsgierigheid: hoe kan het dat alle programma's die ik heb gedraaid deze missen?

                          Comment


                          • #14
                            Graag gedaan hoor

                            Er is zo veel malware, geen enkele scanner vindt alle infecties en dat zal ook nooit lukken, er komen dagelijks vele tientallen nieuwe varianten bij.

                            Doe dit nog maar even:

                            Download ATF cleaner (mirror)(gemaakt door Atribune)

                            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                            Dubbelklik op ATF cleaner om het programma te starten.
                            Op het tabblad "Main", plaats je een vinkje bij Select All.
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook FireFox als browser hebt:
                            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook Opera als browser hebt:
                            Klik op tabblad "Opera", plaats een vinkje bij Select All.
                            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            Klik op de knop Empty Selected.
                            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                            Kijk hier hoe je je systeemherstel moet uitschakelen.
                            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                            Zijn er nog problemen, laat het dan maar even weten

                            Comment


                            • #15
                              Ja.... te vroeg gejuicht :-(

                              Vandaag startte ik mijn PC op en kwamen er zelfs DRIE spontane browser omhoog.
                              Hierbij de respectievelijke URL's (ik weet niet of het iets helpt maar meer aanwijzingen heb ik niet:

                              http://shop.www.hi.nl/hi/mcsmambo.p?NLAffiliate=Zanox&M5Referer=zanox_gsm&UTM_medium=affiliate&PartnerID=1096481454415684608

                              http://www.partypoker.com/marketing/new_bonus14/index1_nl_30100.htm?wm=2775838

                              http://www.canbet.com/?IAT=3fbb27b8af189b403cc800f4ea2d3b1c&

                              Dus Partypoker blijft een constante.....
                              Ik ga maar weer ns Ad-Aware, Spybot, AVG etc draaien en dan meer weer ns een HJT logje posten. Iemand nog andere creatieve ideeen ondertussen?

                              obiemond.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X