
antispyware soft HELP!



Hello, here is the ComboFix log file, followed by the HJT log:

ComboFix 10-05-11.06 - neu 12-05-2010 15:06:17.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.451 [GMT 2:00]

Running from: c:\users\neu\Desktop\ComboFix.exe

Command switches used :: c:\users\neu\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\CE18B60C5C.sys"

"c:\windows\system32\drivers\kgpcpy.cfg"

"c:\windows\system32\tmL-0tY.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\CE18B60C5C.sys

c:\windows\system32\drivers\kgpcpy.cfg

c:\windows\system32\tmL-0tY.exe

.

((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))

.

2010-05-12 08:35 . 2010-05-12 08:35 -------- d-----w- c:\windows\LastGood

2010-05-10 23:54 . 2010-04-08 00:50 43008 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-05-10 23:54 . 2010-04-08 00:50 338944 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-05-10 23:54 . 2010-04-08 00:50 1496064 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-05-10 23:54 . 2010-04-08 00:50 346112 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-05-10 23:02 . 2010-05-10 23:02 -------- d-----w- c:\program files\EasyCapture

2010-05-10 20:37 . 2010-05-10 20:37 -------- d-----w- c:\users\neu\Application Data\Malwarebytes

2010-05-10 20:36 . 2010-05-10 20:36 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes

2010-05-10 20:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-10 20:36 . 2010-05-10 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-10 20:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-09 08:38 . 2010-05-09 08:38 388096 ----a-r- c:\users\neu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-09 08:38 . 2010-05-09 08:38 -------- d-----w- c:\program files\Trend Micro

2010-05-09 07:50 . 2010-05-09 16:12 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\sejsrbtgt

2010-05-09 07:49 . 2010-05-09 07:49 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\Adobe

2010-05-08 18:02 . 2010-05-08 18:02 -------- d-----w- c:\users\All Users\Application Data\SITEguard

2010-05-08 17:56 . 2010-05-08 17:56 -------- d-----w- c:\program files\Common Files\iS3

2010-05-08 17:56 . 2010-05-10 23:19 -------- d-----w- c:\users\All Users\Application Data\STOPzilla!

2010-05-08 13:17 . 2010-05-08 13:17 -------- d-----w- c:\users\neu\Local Settings\Application Data\WinZip

2010-05-08 10:29 . 2010-05-08 10:57 -------- d-----w- c:\program files\SpywareBlaster

2010-05-08 10:04 . 2010-05-08 10:04 -------- d-----w- c:\users\neu\Local Settings\Application Data\Threat Expert

2010-05-08 09:56 . 2010-05-08 17:35 -------- d-----w- c:\program files\Spyware Doctor

2010-05-08 09:56 . 2010-05-09 06:59 -------- d---a-w- c:\users\All Users\Application Data\TEMP

2010-05-08 09:04 . 2010-05-08 09:04 -------- d-sh--w- c:\users\NetworkService\IETldCache

2010-05-08 09:04 . 2010-05-08 09:04 -------- d-sh--w- c:\users\\NetworkService\IETldCache

2010-05-08 08:59 . 2010-05-09 06:49 -------- d-----w- c:\users\neu\Local Settings\Application Data\xiqbdksvx

2010-05-08 08:59 . 2010-05-08 17:35 -------- d-----w- c:\users\neu\Local Settings\Application Data\sihbdtsfy

2010-04-26 19:50 . 2010-05-03 19:13 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-04-26 19:12 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-04-26 19:11 . 2010-04-26 19:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-04-26 18:50 . 2010-04-26 18:50 -------- dc-h--w- c:\users\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-26 18:50 . 2010-02-04 15:53 2954656 -c--a-w- c:\users\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-04-26 18:48 . 2010-04-26 19:11 -------- d-----w- c:\users\All Users\Application Data\Lavasoft

2010-04-26 18:48 . 2010-04-26 18:50 -------- d-----w- c:\program files\Lavasoft

2010-04-21 07:47 . 2010-04-21 07:47 242696 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-04-21 07:45 . 2010-04-21 07:45 1689952 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgupd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-12 09:05 . 2010-01-23 12:15 -------- d-----w- c:\program files\Dl_cats

2010-05-12 09:04 . 2010-01-23 12:11 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint

2010-05-10 23:34 . 2010-02-14 08:33 -------- d-----w- c:\users\neu\Application Data\vlc

2010-05-09 07:49 . 2009-08-14 13:58 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-08 20:05 . 2009-12-20 12:40 -------- d-----w- c:\users\neu\Application Data\Skype

2010-05-08 17:36 . 2009-12-20 12:42 -------- d-----w- c:\users\neu\Application Data\skypePM

2010-05-08 17:23 . 2009-07-30 19:50 -------- d-----w- c:\users\neu\Application Data\BitTorrent

2010-05-07 10:16 . 2010-02-15 16:41 -------- d-----w- c:\users\Martine\Application Data\vlc

2010-04-26 17:58 . 2009-11-02 13:57 41800 ---ha-w- c:\windows\system32\mlfcache.dat

2010-04-21 07:46 . 2009-07-13 17:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-18 19:09 . 2009-10-16 04:29 -------- d-----w- c:\users\neu\Application Data\U3

2010-04-06 08:44 . 2010-03-17 18:05 -------- d-----w- c:\program files\Sony Ericsson

2010-04-06 08:44 . 2010-01-31 09:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-06 08:43 . 2010-03-17 18:05 -------- d-----w- c:\program files\Avanquest update

2010-04-04 18:31 . 2009-12-06 11:25 -------- d-----w- c:\users\Martine\Application Data\PC Suite

2010-04-04 12:25 . 2010-04-04 12:25 -------- d-----w- c:\users\neu\Application Data\Nokia Ovi Suite

2010-04-04 12:25 . 2009-12-04 20:06 -------- d-----w- c:\users\neu\Application Data\Nokia

2010-04-04 09:03 . 2009-12-04 19:37 -------- d-----w- c:\users\All Users\Application Data\Installations

2010-04-04 09:03 . 2009-12-04 20:04 -------- d-----w- c:\program files\Nokia

2010-04-04 09:02 . 2010-04-04 09:02 3351812 ----a-w- c:\users\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe

2010-04-04 09:02 . 2010-04-04 09:02 36864 ----a-w- c:\users\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe

2010-04-04 09:02 . 2010-04-04 09:02 3203453 ----a-w- c:\users\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe

2010-04-04 09:02 . 2010-04-04 09:03 34661272 ----a-w- c:\users\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_2.4.6NP.exe

2010-04-04 08:33 . 2009-12-16 17:47 -------- d-----w- c:\users\All Users\Application Data\OviInstallerCache

2010-04-04 08:28 . 2009-12-04 20:23 -------- d-----w- c:\program files\Common Files\Nokia

2010-04-04 08:26 . 2010-04-04 08:26 -------- d-----w- c:\program files\PC Connectivity Solution

2010-04-04 08:25 . 2010-04-04 08:25 77824 ----a-w- c:\users\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-04-04 08:25 . 2010-04-04 08:25 50000 ----a-w- c:\users\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe

2010-03-28 14:01 . 2009-10-20 13:00 -------- d-----w- c:\users\Martine\Application Data\Belastingdienst

2010-03-23 21:42 . 2010-03-08 05:41 -------- d-----w- c:\users\neu\Application Data\dvdcss

2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\users\All Users\Application Data\BVRP Software

2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\users\All Users\Application Data\Sony Ericsson

2010-03-17 18:04 . 2010-03-17 18:04 -------- d-----w- c:\users\neu\Application Data\InstallShield

2010-03-17 05:39 . 2009-08-21 14:03 -------- d-----w- c:\users\Martine\Application Data\BitTorrent

2010-03-15 18:36 . 2010-03-15 18:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-15 18:36 . 2009-07-13 19:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-15 18:30 . 2009-07-13 17:35 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 07:17 . 2010-04-04 08:25 64164264 ----a-w- c:\users\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\NokiaOviSuite2Installer.exe

2010-03-11 07:17 . 2009-12-17 15:16 64164264 ----a-w- c:\users\neu\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe

2010-03-10 06:15 . 2007-09-23 21:23 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2007-09-23 21:25 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2007-09-23 21:32 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-23 12:58 . 2009-07-13 19:07 47808 ----a-w- c:\users\Martine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-22 18:31 . 2009-07-13 19:49 47808 ----a-w- c:\users\neu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-17 07:10 . 2007-09-23 21:35 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2007-02-28 01:15 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 10:03 . 2010-03-05 23:01 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-12 04:33 . 2007-09-23 21:33 100864 ----a-w- c:\windows\system32\6to4svc.dll

2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2010-01-24 15:02 . 2010-01-24 07:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-05-12_08.30.25 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]

"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]

"Google Update"="c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-13 133104]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720]

"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-06 1230848]

"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]

"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"ProfileFolderName"="hc" [X]

"CheckUpdates"="wuauclt" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\Update.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\DFTFD.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26-4-2010 21:12 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13-7-2009 19:35 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13-7-2009 19:35 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15-3-2010 20:36 308064]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 17:52 1285864]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27-8-2009 17:05 92008]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6-4-2010 10:44 27632]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 21:49 135664]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6-4-2010 10:44 90112]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4-11-2006 3:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe

.

Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:12]

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001Core.job

- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001UA.job

- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{7D778ED9-B444-4554-BF21-4B9AE0A800A4}.job

- c:\windows\system32\msfeedssync.exe [2007-09-23 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://vliegvissen.startpagina.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: {76F4369B-A666-4287-B733-5E57F57F93F5} = 213.191.74.11 213.191.92.82

DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://vliegvissen.startpagina.nl/prikbord/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=nl&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{127d6e99-a34f-39ba-eb0f-a3f76fd9b718}\components\tfvOw-8kok.dll

FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\neu\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-05-12 15:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\(–€|ÿÿÿÿg•€|é•A~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2010-05-12 15:14:13

ComboFix-quarantined-files.txt 2010-05-12 13:14

ComboFix2.txt 2010-05-12 08:32

Pre-Run: 13.650.399.232 bytes free

Post-Run: 13.633.306.624 bytes free

- - End Of File - - EABBDB7D529CFB3A17A827AC162DB2E7

and the HJT:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:28:23, on 12-5-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\WINDOWS\System32\visualtasktips.exe

C:\WINDOWS\System32\topdesk.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.7-delta.exe

c:\dcf1e57d7a90f5e650aea37383\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = vliegvissen.startpagina.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe

O4 - HKCU\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{76F4369B-A666-4287-B733-5E57F57F93F5}: NameServer = 213.191.74.11 213.191.92.82

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10086 bytes


With the problems out of the way, it is time for the “big clean-up”: removing the programs that were used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may manually delete the folder C:\Qoobox.

Download CCleaner here. The download of CCleaner will then start automatically and free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click “Analyze” and then “Clean”. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Registry” in the left column and click “Scan for issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “YES”. Then choose “Fix all selected issues”. After that, close CCleaner again.

If you would like to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and then remove the tick again.

That's it!


Thank you all for this TOP service, my little PC is purring along contentedly again!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:50:14, on 12-5-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\WINDOWS\System32\visualtasktips.exe

C:\WINDOWS\System32\topdesk.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = vliegvissen.startpagina.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe

O4 - HKCU\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{76F4369B-A666-4287-B733-5E57F57F93F5}: NameServer = 213.191.74.11 213.191.92.82

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 9687 bytes
