
Lounel
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Hi Kape, I carried out the last steps and made someone very happy. As a lesson I showed him the forum discussion; hopefully that made enough of an impression... Also, big kudos for your help. Kind regards, Lounel
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Hi Kape, it seems to be rid of Antimalware Doctor, and as far as I can tell the PC otherwise works fine. I want to have the owner test it for a bit; I don't know what he uses it for. Apart from picking up infections :hmpf:. I don't know whether you came across any more problems in the last ComboFix log? Hopefully you won't run into many cases like this one. Of course, thank you very much for the time you put into it. Regards, Lounel
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Here is the log again, Kape
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Dear Kape, I ran a new scan with ComboFix; the generated text follows:
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Hi Kape, indeed, what a list of files!! I have now installed an antivirus program on it and hope that it will stop most of the junk, but I see that quite a bit of downloading goes on as well (BitTorrent and NewsLeecher). I have pasted a ComboFix log in the meantime and will wait for a reply; thanks again in advance for the effort.
AntispySafeguard/Antimalware Doctor
Lounel replied to Lounel's topic in Archive: Fighting malware & viruses
Thanks for the quick reply. The two logs are included; I hope we are rid of the problem......
- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- End of file - 5474 bytes Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4791 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10-10-2010 17:22:42 mbam-log-2010-10-10 (17-22-42).txt Scantype: Snelle scan Objecten gescand: 140674 Verstreken tijd: 10 minuut/minuten, 53 seconde(n) Geheugenprocessen geïnfecteerd: 3 Geheugenmodulen geïnfecteerd: 4 Registersleutels geïnfecteerd: 161 Registerwaarden geïnfecteerd: 18 Registerdata geïnfecteerd: 3 Mappen geïnfecteerd: 45 Bestanden geïnfecteerd: 263 Geheugenprocessen geïnfecteerd: C:\Documents and Settings\Gebruiker\Application Data\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully. c:\WINDOWS\system32\wuaucldt.exe (Backdoor.Bot) -> Unloaded process successfully. C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe (Trojan.Agent) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\nryj4uyso.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\q2zyyr1qid.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\m5ip2h495.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\xuo6ev4.dll (Trojan.Downloader) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2557dd3f-23a0-477c-bcd8-90fd0aecc4b8} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2893116c-a176-42b1-8794-da8c9fc45564} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{99fdca0c-7380-4e9c-8d99-5dc4750334ef} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b1d9f4b1-b9ff-463f-bf15-ab9cb26160f7} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{50d2fdcc-2707-49cb-8223-7fe0424909aa} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{878ce013-7ba9-4650-a78c-b2234c0c1648} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{85e5e8d1-0b63-4588-a5a0-b927a23f5f60} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{90d9e343-d350-44ba-9329-1aa35b038657} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90d9e343-d350-44ba-9329-1aa35b038657} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e8bdff85-f8c2-4281-8669-31253e646518} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8bdff85-f8c2-4281-8669-31253e646518} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e8bdff85-f8c2-4281-8669-31253e646518} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.info (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoweather.weathercontroller (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmoweather.weathercontroller.1 (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbax (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{f244a744-534d-4a46-855f-c0c7e9f27daa} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{030c9927-10fc-4169-97a2-55becd5d88d8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e2dfd6a-4e20-4d4c-aa8b-e1f9dbef3c80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{714e0876-fcee-49ce-a429-b9ad8aefcb56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dd15bcc0-5fe9-4690-a957-99fa60ed9d26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbax.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebutton (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebutton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebuttona (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebuttona.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\TypeLib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0eb3f101-224a-4b2b-9e5b-df720857529c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.Hotbar) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{d1063603-f045-475f-afbc-8cba7d5797fb} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{70880ce6-308c-4204-a89e-b266c3f7b7fa} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cdc73256-a88d-4642-844e-a8f20b76789c} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{b035ba6b-57cd-4f72-b545-65be465fcaf6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d44fd6f0-9746-484e-b5c4-c66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bardiscover (Adware.BarDiscover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoax.info (Adware.Seekmo) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\AppID\seekmoax.info.1 (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoweather.weathercontroller (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmoweather.weathercontroller.1 (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nelbaxms (Trojan.Downloader) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nelbaxms (Trojan.Downloader) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nzpajsiv (Trojan.Downloader) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nzpajsiv (Trojan.Downloader) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nuraguo (Trojan.Downloader) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nuraguo (Trojan.Downloader) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnuitoxrqwyc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnuitoxrolz (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\seekmo@seekmo.com (Adware.SeekMo) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Application Data\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Application Data\Seekmo\IESkins (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Application Data\Seekmo\v3.5 (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Application Data\Seekmo\v3.5\HostOI (Adware.Seekmo) -> Quarantined and deleted successfully. 
C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. C:\Documents and Settings\Gebruiker\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Local Settings\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Local Settings\Temp\spoolsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\i3E8p3h.com (Malware.Generic) -> Quarantined and deleted successfully. C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\win.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Local Settings\Temp\r48xwpnzr.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Gebruiker\Local Settings\Temp\ia5e2dp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. -
AntispySafeguard/Antimalware Doctor
Lounel posted a topic in Archief Bestrijding malware & virussen
Good afternoon, Forum. I am currently stuck with a laptop that is infected with Antimalware Doctor. After startup, Antispy immediately wants to run a scan, after which all sorts of notifications from Antimalware Doctor appear right away. Via the forum I downloaded HJT and ran a scan with it on the laptop. In the meantime I also put MBAM on a USB stick, but have not installed it yet. I have not connected the laptop to the network yet, and it has no internet connection either. Could you help me? Many thanks in advance, Lounel
