Everything posted by freco1

  1. No further signs of malware, thanks for the effort!
  2. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5512 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 13/01/2011 17:10:41 mbam-log-2011-01-13 (17-10-41).txt Scantype: Snelle scan Objecten gescand: 198875 Verstreken tijd: 4 minuut/minuten, 17 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 2 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\WINDOWS\system32\drivers\sisnpf.sys (Backdoor.Agent) -> Quarantined and deleted successfully. c:\documents and settings\van de keere dieter.priv-siau0yng8a\bureaublad\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:18:54, on 13/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\CNAC3RPK.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.be R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xn--roxy-uqa.skynet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program 
Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://didike77.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} 
(ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.sites.bipt.be/ant2/acgm/acgm.cab O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 7321 bytes
  3. Here is a log made in safe mode:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:01:35, on 13/01/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.be R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xn--roxy-uqa.skynet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - 
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [hLbEp01804] C:\Documents and Settings\All Users.WINDOWS\Application Data\hLbEp01804\hLbEp01804.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LUMIX Simple Viewer.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://didike77.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.sites.bipt.be/ant2/acgm/acgm.cab O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - 
C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6395 bytes
  4. Didn't get any more alerts. Thanks for your time!
  5. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Databaseversie: 4000 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 17/04/2010 10:04:46 mbam-log-2010-04-17 (10-04-46).txt Scantype: Snelle scan Objecten gescand: 149752 Verstreken tijd: 14 minuut/minuten, 1 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 2 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 6 Bestanden geïnfecteerd: 17 Geheugenprocessen geïnfecteerd: C:\WINDOWS\bill107.exe (Worm.KoobFace) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.1.0.17730 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.1.0.17730\bin (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temp\zpskon_1271429040.exe (Rogue.SecurityCentral) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\rdr_1271397103.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\rdr_1271397124.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\rdr_1271397133.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temp\zpskon_1271333513.exe (Worm.Koobface) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temp\zpskon_1271338240.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temp\zpskon_1271421320.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Temp\zpskon_1271423579.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\WINDOWS\bill107.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\010112010146100109.xxe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\010112010146114111.xxe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\010112010146115119.xxe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\Van De Keere Dieter.PRIV-SIAU0YNG8A\Local Settings\Application Data\0101120101465198.xxe (Worm.KoobFace) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:31:37, on 17/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CNAC3RPK.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\Program Files\Wireless LAN Utility\SiSCFG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.be R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer 
= xn--roxy-uqa.skynet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 
- HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://didike77.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.sites.bipt.be/ant2/acgm/acgm.cab O23 - Service: Creative Service for 
CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6689 bytes
  6. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:10, on 16/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\windows\bill107.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Wireless LAN Utility\SiWake.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\CNAC3RPK.EXE C:\Program Files\Wireless LAN Utility\SiSCFG.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.be R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
xn--roxy-uqa.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysfbtray] C:\windows\bill107.exe
O4 - HKLM\..\Run: [systor64] C:\DOCUME~1\VANDEK~1.PRI\LOCALS~1\Temp\zpskon_1271405007.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.13/cfweb_activex.camfrogweb.com-advanced-2.0.1.13_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://didike77.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.sites.bipt.be/ant2/acgm/acgm.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7557 bytes
  7. ComboFix 09-10-20.03 - Dieter Van de Keere 22-10-2009 18:42.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.216 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dieter Van de Keere\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Dieter Van de Keere\Bureaublad\CFScript.txt
AV: NOD32 antivirus systeem 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\system32\1DE17F314A.sys"
"c:\windows\system32\4A317FE11D.sys"
"c:\windows\system32\9DC.tmp"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1DE17F314A.sys
c:\windows\system32\4A317FE11D.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
(((((((((((((((((((( Bestanden Gemaakt van 2009-09-22 to 2009-10-22 ))))))))))))))))))))))))))))))
.
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\documents and settings\Dieter Van de Keere\Application Data\Malwarebytes
2009-10-20 17:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-20 17:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 13:32 . 2009-10-17 13:32 -------- d-----w- c:\program files\Trend Micro
2009-09-30 23:04 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-30 23:02 . 2009-09-30 23:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-30 23:02 . 2009-09-30 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 10:10 . 2007-02-24 06:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 20:28 . 2004-09-14 07:38 92996 ----a-w- c:\windows\system32\perfc013.dat
2009-10-15 20:28 . 2004-09-14 07:38 513936 ----a-w- c:\windows\system32\perfh013.dat
2009-10-15 20:19 . 2009-04-27 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 20:15 . 2006-09-05 00:12 -------- d-----w- c:\program files\Microsoft Works
2009-09-30 23:02 . 2007-02-23 20:53 -------- d-----w- c:\program files\Lavasoft
2009-09-30 21:57 . 2007-02-28 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 21:57 . 2007-02-28 14:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 21:50 . 2007-02-28 14:28 -------- d-----w- c:\program files\SpywareBlaster
2009-09-29 23:55 . 2006-09-07 12:01 88144 ----a-w- c:\documents and settings\Dieter Van de Keere\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:20 . 2004-09-14 07:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-09-14 07:38 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2004-09-14 07:38 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-09-14 07:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2004-09-14 07:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-09-14 07:38 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-03 23:58 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2008-11-14 12:57 . 2006-09-08 10:38 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-10-22_12.34.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-22 16:51 . 2009-10-22 16:51 16384 c:\windows\temp\Perflib_Perfdata_bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-24 921600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-03 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-27 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-5 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-23 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1-10-2009 1:04 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3-7-2009 16:49 1028432]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23-4-2009 18:35 10384]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 12:38 92008]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [20-7-2007 21:34 227200]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7-11-2006 5:32 46976]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [17-7-2009 20:17 544768]
.
Inhoud van de 'Gedeelde Taken' map
2009-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:04]
2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-10-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mWindow Title = Telenet Internet
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-22 18:51
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2608)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\combofix\CF21156.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\CNAC3RPK.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Voltooingstijd: 2009-10-22 19:05 - machine werd herstart
ComboFix-quarantined-files.txt 2009-10-22 17:05
ComboFix2.txt 2009-10-22 13:59
ComboFix3.txt 2009-10-22 12:55
Pre-Run: 28.293.242.880 bytes beschikbaar
Post-Run: 28.135.587.840 bytes beschikbaar
- - End Of File - - A900AA0CC5C75BBD004F58CC76B406D8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:54, on 22-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177066498500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10980 bytes
  8. ComboFix 09-10-20.03 - Dieter Van de Keere 22-10-2009 15:51.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.24 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dieter Van de Keere\Bureaublad\ComboFix.exe
AV: NOD32 antivirus systeem 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-09-22 to 2009-10-22 ))))))))))))))))))))))))))))))
.
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\documents and settings\Dieter Van de Keere\Application Data\Malwarebytes
2009-10-20 17:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-20 17:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 17:16 . 2009-10-20 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 13:32 . 2009-10-17 13:32 -------- d-----w- c:\program files\Trend Micro
2009-09-30 23:04 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-30 23:02 . 2009-09-30 23:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-30 23:02 . 2009-09-30 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 10:10 . 2007-02-24 06:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 20:28 . 2004-09-14 07:38 92996 ----a-w- c:\windows\system32\perfc013.dat
2009-10-15 20:28 . 2004-09-14 07:38 513936 ----a-w- c:\windows\system32\perfh013.dat
2009-10-15 20:19 . 2009-04-27 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 20:15 . 2006-09-05 00:12 -------- d-----w- c:\program files\Microsoft Works
2009-09-30 23:02 . 2007-02-23 20:53 -------- d-----w- c:\program files\Lavasoft
2009-09-30 21:57 . 2007-02-28 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 21:57 . 2007-02-28 14:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 21:50 . 2007-02-28 14:28 -------- d-----w- c:\program files\SpywareBlaster
2009-09-29 23:55 . 2006-09-07 12:01 88144 ----a-w- c:\documents and settings\Dieter Van de Keere\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:20 . 2004-09-14 07:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-09-14 07:38 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2004-09-14 07:38 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-09-14 07:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2004-09-14 07:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-09-14 07:38 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-03 23:58 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2008-11-08 16:54 . 2006-09-08 10:38 88 --sh--r- c:\windows\system32\1DE17F314A.sys
2008-11-14 12:57 . 2007-02-26 12:33 56 --sh--r- c:\windows\system32\4A317FE11D.sys
2008-11-14 12:57 . 2006-09-08 10:38 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-24 921600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-03 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-27 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-5 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-23 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1-10-2009 1:04 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3-7-2009 16:49 1028432] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23-4-2009 18:35 10384] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 12:38 92008] S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [20-7-2007 21:34 227200] S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7-11-2006 5:32 46976] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\9DC.tmp --> c:\windows\system32\9DC.tmp [?] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [17-7-2009 20:17 544768] . Inhoud van de 'Gedeelde Taken' map 2009-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:04] 2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-09-30 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-10-22 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.be/ mWindow Title = Telenet Internet IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-10-22 15:56 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\9DC.tmp" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'lsass.exe'(904) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll - - - - - - - > 'explorer.exe'(3492) c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . Voltooingstijd: 2009-10-22 15:59 ComboFix-quarantined-files.txt 2009-10-22 13:59 ComboFix2.txt 2009-10-22 12:55 Pre-Run: 28.296.818.688 bytes beschikbaar Post-Run: 28.270.510.080 bytes beschikbaar - - End Of File - - 6FE946A1B048DD54A41A8E1DF3474A75
  9. My PC starts up very slowly, about 7 minutes
  10. Malwarebytes' Anti-Malware 1.41 Database versie: 2998 Windows 5.1.2600 Service Pack 3 20-10-2009 19:25:50 mbam-log-2009-10-20 (19-25-50).txt Scan type: Snelle Scan Objecten gescand: 101534 Verstreken tijd: 7 minute(s), 3 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 35 Registerwaarden geïnfecteerd: 3 Registerdata bestanden geïnfecteerd: 6 Mappen geïnfecteerd: 36 Bestanden geïnfecteerd: 173 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c47a9554-195a-4769-9b13-04f15b450a39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c9c49ab1-6034-4984-bb26-189b7b43f752}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e6065bb0-cbee-4834-ab05-1975354f8719}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c9c49ab1-6034-4984-bb26-189b7b43f752}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e6065bb0-cbee-4834-ab05-1975354f8719}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{c9c49ab1-6034-4984-bb26-189b7b43f752}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e6065bb0-cbee-4834-ab05-1975354f8719}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.93,85.255.112.122 -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Program Files\Media Access Startup\1.5.3.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.3.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\DataBaseNew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-163721.296.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-163751.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-164220.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-165417.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-170838.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-172854.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-172952.343.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090807-181705.031.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-033403.578.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-053435.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-055308.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-094246.734.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-143110.906.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090808-200355.453.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090809-162059.968.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090809-230708.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-020737.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-021848.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-022523.000.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-024014.859.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-035028.390.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-035207.250.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-035216.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\NP_20090810-035509.875.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Internet Saving Optimizer\3.6.0.4470\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-163719.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-163721.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-163751.203.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-164220.093.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-165417.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-170838.843.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-172854.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-172952.312.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090807-181704.750.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-033403.265.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-053435.625.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-055308.890.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-094246.562.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-143110.421.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090808-200355.328.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-162059.437.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090809-230707.921.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-020736.937.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-021848.359.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-022522.984.log (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Documents and Settings\Dieter Van de Keere\Local Settings\Application Data\Media Access Startup\1.5.3.850\HJHP_20090810-024014.828.log (Adware.DoubleD) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Dieter Van de Keere\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:41:07, on 20-10-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe 
C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\CNAC3RPK.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - 
{5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program 
Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177066498500 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11438 bytes
  11. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:14:49, on 20-10-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\WINDOWS\system32\CNAC3RPK.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program 
Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"9lives - Spelletjes - Breakout - Moby Blaster"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177066498500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 12129 bytes