See PM regarding the name; back home this afternoon (late afternoon) to be able to do a few things.
ComboFix 11-06-19.0r1 - Nicoline 20-06-2011 16:57:55.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2047.992
Gestart vanuit: c:\users\Nicoline\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
F:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-20 to 2011-06-20 ))))))))))))))))))))))))))))))
.
.
2011-06-20 15:12 . 2011-06-20 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 15:12 . 2011-06-20 15:13 -------- d-----w- c:\users\Nicoline\AppData\Local\temp
2011-06-20 14:13 . 2011-06-20 14:13 -------- d-----w- c:\users\Nicoline\AppData\Local\{09AD0650-2AF1-4E14-8D46-1CE4A92110A6}
2011-06-19 12:07 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8143F18A-E959-4808-980A-4D8EA5083F3D}\mpengine.dll
2011-06-19 11:30 . 2011-06-19 11:30 -------- d-----w- c:\users\Nicoline\AppData\Local\{F55CD168-BCA0-418E-8924-A84C1E4835C8}
2011-06-19 11:04 . 2011-06-19 11:04 -------- d-----w- c:\program files\Apple Software Update(16)
2011-06-19 09:02 . 2011-06-19 09:02 -------- d-----w- c:\users\Nicoline\AppData\Local\{85144123-FF0C-4099-9BA8-0C574510780B}
2011-06-19 08:00 . 2011-06-19 08:00 -------- d-----w- c:\users\Nicoline\AppData\Local\{1A6FB119-B470-46E1-8CF9-A67453310F0F}
2011-06-18 21:36 . 2011-06-18 21:37 -------- d-----w- c:\users\Nicoline\AppData\Local\{820E956D-80B2-4A95-88AA-C56ACA263A33}
2011-06-18 09:36 . 2011-06-18 09:36 -------- d-----w- c:\users\Nicoline\AppData\Local\{A3D08C3B-9E9E-461F-A67F-35E1D9698F2A}
2011-06-17 13:50 . 2011-06-17 13:50 -------- d-----w- c:\users\Nicoline\AppData\Local\{4C88478D-73A3-4C02-BEF5-18474D90433C}
2011-06-16 18:51 . 2011-06-16 18:53 -------- d-----w- c:\users\Nicoline\AppData\Local\{66B3F7D6-6B95-4833-A76A-F382FBAA7945}
2011-06-16 14:17 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 14:17 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 14:17 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 14:17 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 14:17 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 14:17 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 06:21 . 2011-06-16 06:21 -------- d-----w- c:\users\Nicoline\AppData\Local\{5D952C9C-9793-4185-A343-A12834F4CB2C}
2011-06-15 09:53 . 2011-06-15 09:53 -------- d-----w- c:\users\Nicoline\AppData\Local\{D42765A8-60FE-4237-A01B-3303E17FD6F7}
2011-06-14 20:58 . 2011-06-14 20:58 -------- d-----w- c:\users\Nicoline\AppData\Local\{2A700758-33D0-4093-8C57-F48002D40006}
2011-06-14 08:57 . 2011-06-14 08:57 -------- d-----w- c:\users\Nicoline\AppData\Local\{F77A7728-93F6-4ACE-80A5-DD92973BBF97}
2011-06-13 20:56 . 2011-06-13 20:57 -------- d-----w- c:\users\Nicoline\AppData\Local\{731C7C9F-BBC3-4A9F-A23D-8EAF236AE11C}
2011-06-13 08:46 . 2011-06-13 08:47 -------- d-----w- c:\users\Nicoline\AppData\Local\{114A9AA4-D1C7-4EA1-BCB0-3AB995C7284A}
2011-06-12 20:07 . 2011-06-12 20:08 -------- d-----w- c:\users\Nicoline\AppData\Local\{6DADEB7B-11D5-4313-9E26-470F336A84AE}
2011-06-12 07:51 . 2011-06-12 07:52 -------- d-----w- c:\users\Nicoline\AppData\Local\{80BDD664-3A71-4109-B978-32067567D123}
2011-06-11 19:51 . 2011-06-11 19:51 -------- d-----w- c:\users\Nicoline\AppData\Local\{BE4325AF-70EA-42FF-BFD6-5294B749E2E3}
2011-06-11 07:19 . 2011-06-11 07:19 -------- d-----w- c:\users\Nicoline\AppData\Local\{A1F9A551-717C-4E5C-8567-362548B7DE68}
2011-06-10 12:31 . 2011-06-19 11:21 -------- d-----w- c:\program files\iPod
2011-06-10 11:59 . 2011-06-10 11:59 -------- d-----w- c:\users\Nicoline\AppData\Local\{61F0D5E5-261F-479A-81FC-8E4228B61D02}
2011-06-09 20:58 . 2011-06-09 20:59 -------- d-----w- c:\users\Nicoline\AppData\Local\{9E4E5C7D-D8DA-45D3-9554-1BB5CB72BF6B}
2011-06-09 07:51 . 2011-06-09 07:51 -------- d-----w- c:\users\Nicoline\AppData\Local\{4F83743D-95CE-4A64-B5CF-1E278DAED10E}
2011-06-08 14:17 . 2011-06-08 14:17 -------- d-----w- c:\users\Nicoline\AppData\Local\{067C6FC3-0D26-41E7-8569-E38C5A1AAA12}
2011-06-07 20:54 . 2011-06-07 20:56 -------- d-----w- c:\users\Nicoline\AppData\Local\{B83E92DA-3631-4629-9EB2-C4889905342B}
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 07:59 . 2011-06-07 07:59 -------- d-----w- c:\users\Nicoline\AppData\Local\{77F915F1-6216-4ACD-8F66-E3701FF87DEE}
2011-06-06 14:57 . 2011-06-06 15:05 -------- d-----w- C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR
2011-06-06 14:15 . 2011-06-06 14:16 -------- d-----w- c:\users\Nicoline\AppData\Local\{F03C1046-7149-4386-93F1-002A3D7DCC43}
2011-06-05 20:37 . 2011-06-05 20:38 -------- d-----w- c:\users\Nicoline\AppData\Local\{6DF73D48-83F0-478D-AED7-B1AE16816F2F}
2011-06-05 08:36 . 2011-06-05 08:36 -------- d-----w- c:\users\Nicoline\AppData\Local\{D73582E5-759F-4E26-9962-EEC39AF9EF36}
2011-06-04 10:06 . 2011-06-04 10:07 -------- d-----w- c:\users\Nicoline\AppData\Local\{15C28E6F-11DB-45B1-8967-C4FE5E6973E9}
2011-06-03 22:05 . 2011-06-03 22:06 -------- d-----w- c:\users\Nicoline\AppData\Local\{AB34A42B-A443-4C43-817F-29157A99F2F5}
2011-06-03 20:23 . 2011-06-20 14:13 -------- d-----r- c:\users\Nicoline\Dropbox
2011-06-03 20:21 . 2011-06-20 14:13 -------- d-----w- c:\users\Nicoline\AppData\Roaming\Dropbox
2011-06-03 08:54 . 2011-06-03 08:54 -------- d-----w- c:\users\Nicoline\AppData\Local\{DA206B19-07C7-41A4-9270-445AAB325447}
2011-06-03 06:15 . 2011-06-17 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 20:52 . 2011-06-02 20:53 -------- d-----w- c:\users\Nicoline\AppData\Local\{26D75C12-5763-4594-B9E4-8068EFDD74B3}
2011-06-02 08:34 . 2011-06-02 08:34 -------- d-----w- c:\users\Nicoline\AppData\Local\{8A05C1C0-9231-4CCF-BA1D-3C0995608C5A}
2011-06-01 11:45 . 2011-06-01 11:45 -------- d-----w- c:\users\Nicoline\AppData\Local\{AAFF26D6-260D-4F8D-A4EA-220790B725E9}
2011-05-31 20:00 . 2011-05-31 20:01 -------- d-----w- c:\users\Nicoline\AppData\Local\{C51E9D3A-7DD4-441B-B7F5-A1388E6D8B65}
2011-05-31 07:58 . 2011-05-31 07:59 -------- d-----w- c:\users\Nicoline\AppData\Local\{1AEDA27D-2656-4E69-87C5-091641C1121F}
2011-05-30 13:51 . 2011-05-30 13:51 -------- d-----w- c:\users\Nicoline\AppData\Local\{FD8904C4-9E17-4A07-BB1C-59273CC45D94}
2011-05-29 21:12 . 2011-05-29 21:13 -------- d-----w- c:\users\Nicoline\AppData\Local\{F216D537-AEB4-412E-9E05-470657CD42D8}
2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\users\Nicoline\AppData\Local\{715C7746-384C-45CC-A7CA-824B6BF9666E}
2011-05-28 20:52 . 2011-05-28 20:53 -------- d-----w- c:\users\Nicoline\AppData\Local\{7135C05C-5927-464A-A41E-50B05378F35A}
2011-05-28 08:25 . 2011-05-28 08:25 -------- d-----w- c:\users\Nicoline\AppData\Local\{F5C489EE-678C-4C7A-B128-E2D609E29AF0}
2011-05-27 13:50 . 2011-05-27 13:50 -------- d-----w- c:\users\Nicoline\AppData\Local\{2A9F2F65-8241-4413-916C-5F4E6482F690}
2011-05-26 21:09 . 2011-05-26 21:10 -------- d-----w- c:\users\Nicoline\AppData\Local\{67BDA7B4-7271-4A57-BBBA-720F6DD67E41}
2011-05-26 08:29 . 2011-05-26 08:29 -------- d-----w- c:\users\Nicoline\AppData\Local\{7590DF7A-0A16-4C36-972B-E67A1920D601}
2011-05-25 11:31 . 2011-05-25 11:32 -------- d-----w- c:\users\Nicoline\AppData\Local\{3C6086B9-B826-4557-8CCC-44E02E352FB3}
2011-05-24 20:14 . 2011-05-24 20:14 -------- d-----w- c:\users\Nicoline\AppData\Local\{3E1510DA-1C16-4B9F-AF63-0C6FAE14A0F0}
2011-05-24 08:14 . 2011-05-24 08:14 -------- d-----w- c:\users\Nicoline\AppData\Local\{EB63DCC9-21B8-4B66-83B9-86D8515709E2}
2011-05-23 13:53 . 2011-05-23 13:53 -------- d-----w- c:\users\Nicoline\AppData\Local\{68F2997E-457C-4BEE-AD0B-F6E52420CF33}
2011-05-21 19:56 . 2011-05-21 19:56 -------- d-----w- c:\users\Nicoline\AppData\Local\{E179CC4E-9F7E-4CF5-8BB1-46F624BEC84C}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2009-08-19 18:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2009-08-19 18:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 17:14 . 2009-10-03 10:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 06:06 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
2011-02-18 05:12 94208 ----a-w- c:\users\Nicoline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
2011-02-18 05:12 94208 ----a-w- c:\users\Nicoline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
2011-02-18 05:12 94208 ----a-w- c:\users\Nicoline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"
.
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe"
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe"
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe"
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe"
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe"
.
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe"
.
c:\users\Nicoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nicoline\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA30XX Device Manager.lnk - c:\philips\SA30xx Device Manager\SA30XX_DeviceManager.exe
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico
.
"EnableUIADesktopToggle"= 0 (0x0)
.
@="Service"
.
@="Service"
.
@="Service"
.
@="Driver"
.
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
2008-12-08 13:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
2007-04-19 12:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
2007-11-06 14:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
2007-02-21 13:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
2007-03-14 02:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
2008-03-28 00:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
"DisableMonitoring"=dword:00000001
.
"DisableMonitoring"=dword:00000001
.
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe
R2 gupdate1c9d627717ec666;Google Updateservice (gupdate1c9d627717ec666);c:\program files\Google\Update\GoogleUpdate.exe
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
.
.
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961513983-1757737322-282921343-1006Core.job
- c:\users\Nicoline\AppData\Local\Google\Update\GoogleUpdate.exe
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961513983-1757737322-282921343-1006UA.job
- c:\users\Nicoline\AppData\Local\Google\Update\GoogleUpdate.exe
.
2011-06-20 c:\windows\Tasks\User_Feed_Synchronization-{F0B86E33-A88E-4C22-879A-55A6B383863C}.job
- c:\windows\system32\msfeedssync.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.telegraaf.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Nicoline\AppData\Roaming\Mozilla\Firefox\Profiles\8j9yegz4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/|https://mail.google.com/mail/?shva=1#inbox|http://twitter.com/home|http://www.lockerz.com/myLocker
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-PDF Complete - c:\program files\PDF Complete\pdfsty.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 17:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\users\Nicoline\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2011-06-20 17:23:31
ComboFix-quarantined-files.txt 2011-06-20 15:23
.
Pre-Run: 61.436.612.608 bytes beschikbaar
Post-Run: 61.408.387.072 bytes beschikbaar
.
- - End Of File - - FFF396EDAEA294D02D5075F0F5FEB25C
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:29:52, on 20-06-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Nicoline\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = C:\Users\Nicoline\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Philips SA30XX Device Manager.lnk = C:\Philips\SA30xx Device Manager\SA30XX_DeviceManager.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updateservice (gupdate1c9d627717ec666) (gupdate1c9d627717ec666) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 13896 bytes
and that's 2
Hi Martine,
How is the problem now :S
The logs look good now.
Remove ComboFix; you do this as follows:
Download the ComboFix uninstaller here
Click on Save file.
Put it, for example, on your desktop.
Double-click it and choose Run.
Let it do its work and click Done.
Disabling System Restore & removing system restore points:
Windows Vista.
Go to Control Panel, then to System and Maintenance. Now choose System.
Click System Protection on the left and confirm the User Account Control prompt you get by clicking "Continue".
Under Automatic restore points you get an overview of all available hard disks.
Uncheck every hard disk on which System Restore is enabled. Confirm the prompt you get by clicking 'Turn System Restore off'.
Restart the computer.
Turn System Restore back on again!
Greetings Huib ;)