Here they are!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:18, on 2-11-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SACC2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (upload toepassing Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
--
End of file - 10617 bytes
ComboFix 08-11-09.04 - Kirsten 2008-11-10 15:45:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2066
Gestart vanuit: c:\users\Kirsten\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))))
.
2008-11-09 15:55 . 2008-11-09 15:55 d-------- c:\program files\CleanUp!
2008-11-09 15:52 . 2008-11-09 16:20 d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 15:52 . 2008-11-09 16:20 d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 15:52 . 2008-11-09 15:52 d-------- c:\program files\Spybot - Search & Destroy
2008-11-07 14:54 . 2008-11-07 15:22 d-------- c:\program files\Nero
2008-11-02 18:12 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-02 18:12 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-02 18:12 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-02 18:12 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-02 18:12 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-02 17:37 . 2008-11-02 17:39 d-------- c:\users\All Users\Lavasoft
2008-11-02 17:37 . 2008-11-02 17:39 d-------- c:\programdata\Lavasoft
2008-11-02 17:37 . 2008-11-02 17:37 d-------- c:\program files\Lavasoft
2008-11-02 17:37 . 2008-11-02 17:37 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-02 17:33 . 2008-11-02 17:33 d-------- c:\program files\Trend Micro
2008-11-02 09:53 . 2008-11-02 09:53 d-------- c:\users\Kirsten\AppData\Roaming\Malwarebytes
2008-11-02 09:53 . 2008-11-02 09:53 d-------- c:\users\All Users\Malwarebytes
2008-11-02 09:53 . 2008-11-02 09:53 d-------- c:\programdata\Malwarebytes
2008-11-02 09:53 . 2008-11-07 07:36 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 09:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-02 09:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-01 16:19 . 2008-11-01 16:19 d-------- C:\VundoFix Backups
2008-11-01 12:16 . 2008-11-02 09:36 d-a------ c:\users\All Users\TEMP
2008-11-01 12:16 . 2008-11-02 09:36 d-a------ c:\programdata\TEMP
2008-11-01 12:00 . 2008-11-01 12:00 d-------- c:\users\All Users\Google
2008-11-01 12:00 . 2008-11-01 12:00 d-------- c:\program files\Google
2008-11-01 10:31 . 2008-06-24 12:45 1,414,440 --a------ c:\windows\System32\ShellManager310E2D762.dll
2008-11-01 10:31 . 2008-06-23 16:36 773,120 --a------ c:\windows\System32\NEROINSTAEC43759.DB
2008-10-29 16:34 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 16:34 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 16:34 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-22 11:28 . 2008-11-07 15:24 4,767 --a------ c:\windows\Irremote.ini
2008-10-16 17:23 . 2008-10-16 17:23 d-------- c:\program files\Windows Media Components
2008-10-15 17:41 . 2008-10-15 17:42 d-------- c:\users\Kirsten\AppData\Roaming\NCH Software
2008-10-15 17:41 . 2008-10-15 17:41 d-------- c:\users\All Users\NCH Software
2008-10-15 17:41 . 2008-10-15 17:41 d-------- c:\programdata\NCH Software
2008-10-15 17:41 . 2008-10-15 17:41 d-------- c:\program files\NCH Software
2008-10-15 05:46 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 05:46 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 05:46 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 05:46 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 05:46 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 05:46 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-13 18:07 . 2008-10-13 18:07 d-------- c:\users\Kirsten\K3 de wereld rond
2008-10-13 17:56 . 2008-10-13 17:56 d-------- C:\K3_DE_WERELD_ROND
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:01 4,076 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-11-09 20:16 --------- d-----w c:\users\Kirsten\AppData\Roaming\LimeWire
2008-11-07 14:47 --------- d-----w c:\program files\Common Files\Nero
2008-11-07 14:11 --------- d-----w c:\programdata\Nero
2008-11-07 13:52 --------- d---a-w c:\program files\Common Files\LightScribe
2008-11-03 09:22 --------- d-----w c:\program files\LimeWire
2008-11-01 00:53 --------- d-----w c:\program files\McAfee
2008-10-22 10:31 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 05:38 --------- d-----w c:\program files\Windows Mail
2008-10-13 17:06 --------- d-----w c:\programdata\DVD Shrink
2008-10-11 04:36 --------- d-----w c:\programdata\McAfee
2008-10-02 01:32 --------- d-----w c:\programdata\SiteAdvisor
2008-09-28 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 16:55 --------- d-----w c:\program files\Common Files\Adobe
2008-09-28 16:53 20,640 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-09-28 16:53 109,568 ------w c:\windows\System32\pxinsi64.exe
2008-09-28 16:53 108,544 ------w c:\windows\System32\pxcpyi64.exe
2008-09-28 16:19 --------- d-----w c:\users\Kirsten\AppData\Roaming\TomTom
2008-09-28 16:19 --------- d-----w c:\programdata\TomTom
2008-09-28 16:19 --------- d-----w c:\program files\TomTom HOME 2
2008-09-28 16:18 --------- d-----w c:\program files\TomTom HOME
2008-09-28 16:14 --------- d-----w c:\program files\TomTom DesktopSuite
2008-09-17 06:14 --------- d-----w c:\program files\CoffeeCup Software
2008-09-16 21:03 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-09-16 21:03 315,392 ----a-w c:\windows\HideWin.exe
2008-09-16 21:03 --------- d-----w c:\program files\Realtek
2008-08-10 18:29 174 --sha-w c:\program files\desktop.ini
2008-08-10 17:37 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-08-10 17:37 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-07-14 08:55 308,600 ----a-w c:\users\All Users\NortonProtectionMemo.exe
2008-07-14 08:55 308,600 ----a-w c:\programdata\NortonProtectionMemo.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-10_12.14.02,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-10 08:36:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-10 14:05:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-10 08:36:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-10 14:05:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-10 08:38:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 14:06:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 14:06:37 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-10 08:37:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 14:07:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 14:07:16 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-10 08:38:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-10 14:08:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-10 08:38:51 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-10 14:08:03 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-10 08:38:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-10 14:08:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-10 11:02:24 5,214 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\0394E569A53F319730D48EB1EEE6A76CC1D4066B\0394E569A53F319730D48EB1EEE6A76CC1D4066B\Data.dat
+ 2008-11-10 13:29:21 5,214 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\0394E569A53F319730D48EB1EEE6A76CC1D4066B\0394E569A53F319730D48EB1EEE6A76CC1D4066B\Data.dat
+ 2008-11-10 13:36:06 5,772 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1F312D887BCB5BE9B2384379AA9BE85CE5CA29CC\1F312D887BCB5BE9B2384379AA9BE85CE5CA29CC\Data.dat
+ 2008-11-10 13:53:52 5,776 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A4660611841BEB21D03A06027460DF767B59EEA\3A4660611841BEB21D03A06027460DF767B59EEA\Data.dat
+ 2008-11-10 13:38:59 5,754 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\9E127F040F679B189F373FFF339BB88D9FE5C5B7\9E127F040F679B189F373FFF339BB88D9FE5C5B7\Data.dat
- 2008-11-10 10:21:31 3,352 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B299C9DE9469FB5AE8BB4B4EE0C2ACAB4C81BFC0\B299C9DE9469FB5AE8BB4B4EE0C2ACAB4C81BFC0\Data.dat
+ 2008-11-10 14:42:53 3,352 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B299C9DE9469FB5AE8BB4B4EE0C2ACAB4C81BFC0\B299C9DE9469FB5AE8BB4B4EE0C2ACAB4C81BFC0\Data.dat
- 2008-11-10 09:37:08 5,408 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\2154427B84548325DEA82C3D4AF0BB28869C3408\Data.dat
+ 2008-11-10 13:55:35 5,408 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\2154427B84548325DEA82C3D4AF0BB28869C3408\Data.dat
- 2008-11-10 09:37:07 5,400 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\Data.dat
+ 2008-11-10 13:55:34 5,400 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\Data.dat
+ 2008-11-10 14:42:58 5,158 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DCE9DBE7497AF2DBA97A85B9A1FF5284527D4212\DCE9DBE7497AF2DBA97A85B9A1FF5284527D4212\Data.dat
+ 2008-11-10 13:55:39 5,124 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FED57711AF7AF79A47AFFEE1D922EAEC659742E6\FED57711AF7AF79A47AFFEE1D922EAEC659742E6\Data.dat
- 2008-11-10 11:10:22 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-10 14:45:38 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-10 14:45:38 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-11-10 08:38:24 8,406 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3321829806-3849862792-602293582-1000_UserData.bin
+ 2008-11-10 14:07:37 8,422 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3321829806-3849862792-602293582-1000_UserData.bin
- 2008-11-10 08:38:24 64,586 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 14:07:36 64,672 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-10 08:38:21 50,434 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 14:07:35 50,710 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-10 11:00:36 253,488 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-10 13:27:07 253,504 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe"
"ehTray.exe"="c:\windows\ehome\ehTray.exe"
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"
"hpsysdrv"="c:\hp\support\hpsysdrv.exe"
"KBD"="c:\hp\KBD\KbdStub.EXE"
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvSvc"="c:\windows\system32\nvsvc.dll"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe"
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"EnableUIADesktopToggle"= 0 (0x0)
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"DisableMonitoring"=dword:00000001
"DisableMonitoring"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"{8FD52694-38A8-4F95-9220-2F8BB211906D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BC82572D-5315-4DC6-81B7-B5F1EE8FF797}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84939B9B-DBCA-447D-B757-0060E556648E}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FC046C17-7D8A-47DC-BD4A-E77B65B569A6}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{E466595A-5137-46CD-B068-E7E0EFA6EC1E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C21811D8-F131-460C-910B-CD17F436DFA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{0B7751F8-42FA-4B76-AB9A-B716BCC059A4}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{07AA9F2B-76DA-4494-AAC8-EF4ED6B80E36}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EE95C6DA-2A4E-4CE3-B5BA-EA0AC946F7AC}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4C174E7F-852F-497F-8FFC-A997FB25BF7A}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0205178C-B9CE-4676-92D8-11B53D0D3BE8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{074F961A-07A0-49C1-838B-13E11853D043}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{788CF0CD-369D-4114-BA02-065377D2B780}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8EB354F0-3F22-43EA-A8F6-60AC3B2C36C2}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{CDB0CE1C-4FDA-4E38-9E76-D0B29D66C428}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{72E6F693-6028-4696-BAE6-476053965E93}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22D78116-9534-421D-91F5-06E40C7DDB93}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"EnableFirewall"= 0 (0x0)
"EnableFirewall"= 0 (0x0)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
\shell\AutoRun\command - K:\InstallTomTomHOME.exe
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2008-08-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
2008-08-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
2008-11-10 c:\windows\Tasks\User_Feed_Synchronization-{3831BC80-FDD8-4E63-A083-566004BED220}.job
- c:\windows\system32\msfeedssync.exe
.
.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startpagina.nl/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
O8 -: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 -: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab
c:\windows\Downloaded Program Files\uploadtoepassing.inf
c:\windows\System32\unicows.dll
c:\windows\Downloaded Program Files\uploadtoepassing.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 15:48:40
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCES: c:\windows\Explorer.exe
-> c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Voltooingstijd: 2008-11-10 15:51:03
ComboFix-quarantined-files.txt 2008-11-10 14:49:58
ComboFix2.txt 2008-11-10 11:15:59
Pre-Run: 174.015.320.064 bytes beschikbaar
Post-Run: 173,982,957,568 bytes beschikbaar
243 --- E O F --- 2008-11-09 14:50:27