OK
DDS;
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Han at 11:07:15 on 2012-07-15
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1234 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\pfowvktr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: VideoFileDownload: {82ea3e77-7bd2-4744-a8f2-670770767ec5} - c:\program files\oapps\bho_project.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [pfowvktrnhjbrsf] c:\documents and settings\all users\application data\pfowvktr.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{08B39053-3F57-4AFE-ADBD-732316922C81} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\han\application data\mozilla\firefox\profiles\o0y9ub1v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 22344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-9-29 1374464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 113120]
S3 phil2vid;Philips USB VGA Camera;c:\windows\system32\drivers\philcam2.sys [2011-7-30 173696]
.
=============== Created Last 30 ================
.
2012-07-14 22:28:41 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{953b1452-5e13-4cf2-b96a-b364bebad4c6}\mpengine.dll
2012-07-14 20:47:04 -------- d-----w- c:\documents and settings\han\local settings\application data\Apple
2012-07-14 17:02:41 -------- d-sh--w- c:\documents and settings\han\IECompatCache
2012-07-14 11:12:40 -------- d-----w- c:\documents and settings\han\application data\Malwarebytes
2012-07-14 11:12:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-14 11:12:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 11:12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 00:13:45 49152 ----a-w- c:\documents and settings\all users\application data\pfowvktr.exe
2012-07-14 00:13:45 49152 ------w- c:\documents and settings\all users\application data\yxynnkrk.exe
2012-07-14 00:13:43 -------- d-----w- c:\documents and settings\all users\application data\ksiedxbvnccacoa
2012-07-14 00:13:42 49152 ------w- c:\documents and settings\all users\application data\upmcrptj.exe
2012-07-13 22:31:09 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-07 16:37:28 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-07-01 16:13:40 -------- d-----w- c:\program files\OApps
2012-07-01 16:13:39 -------- d-----w- c:\program files\TorrentSearch
2012-06-25 22:19:56 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-25 22:19:56 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-15 23:52:06 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-27 22:29:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 22:29:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-02 00:46:28 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-18 18:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 11:08:02,23 ===============
Emsisoft
Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 14-7-2012 23:48:25
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\
Scan archieven: Aan
ADS Scan: Aan
Scan gestart: 14-7-2012 23:49:05
c:\program files\oapps\bho_project.dll Ontdekt: Trojan.Win32.BHO!E2
c:\windows\system32\cgziplibrary.dll Ontdekt: Trace.File.max net shield!E1
Value: hkey_local_machine\software\freeze.com\installer --> id Ontdekt: Trace.Registry.ez game cheats!E1
Value: hkey_classes_root\clsid\{293364ae-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.max net shield!E1
Value: hkey_classes_root\clsid\{293364ba-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.max net shield!E1
Value: hkey_local_machine\software\classes\clsid\{293364ae-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.max net shield!E1
Value: hkey_local_machine\software\classes\clsid\{293364ba-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.max net shield!E1
Key: hkey_local_machine\software\freeze.com\ Ontdekt: Trace.Registry.freeze!E1
C:\System Volume Information\_restore{157120E5-C012-4E98-8E02-8C8E0059EEE9}\RP582\A0080822.exe -> $INSTDIR\bho_project.dll Ontdekt: Trojan.Win32.BHO!E2
C:\Program Files\RegDoctor\logo24.ico Ontdekt: Adware.Win32.RegDoctor!E1
C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe Ontdekt: Riskware.Win32.InstallCore.AMN!E1
C:\Documents and Settings\Administrator\My Documents\Downloads\OTB_Video_Bareback_Cumparty_8_Wet_n_Sticky_avi_Fast.exe -> $INSTDIR\torrent.exe Ontdekt: Trojan.Win32.DownLoader!E2
C:\Documents and Settings\Administrator\Local Settings\Temp\is1373634743\MyBabylonTB.exe Ontdekt: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Documents and Settings\Administrator\Local Settings\Temp\is1373634743\Searchya.exe Ontdekt: Trojan.Win32.Spy!E2
Gescand 572356
Gevonden 14
Scan geëindigd: 15-7-2012 3:05:50
Scantijd: 3:16:45
C:\Documents and Settings\Administrator\Local Settings\Temp\is1373634743\Searchya.exe Verwijderd Trojan.Win32.Spy!E2
C:\Documents and Settings\Administrator\Local Settings\Temp\is1373634743\MyBabylonTB.exe Verwijderd Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Documents and Settings\Administrator\My Documents\Downloads\OTB_Video_Bareback_Cumparty_8_Wet_n_Sticky_avi_Fast.exe -> $INSTDIR\torrent.exe Verwijderd Trojan.Win32.DownLoader!E2
C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe Verwijderd Riskware.Win32.InstallCore.AMN!E1
C:\Program Files\RegDoctor\logo24.ico Verwijderd Adware.Win32.RegDoctor!E1
Key: hkey_local_machine\software\freeze.com\ Verwijderd Trace.Registry.freeze!E1
Value: hkey_classes_root\clsid\{293364ae-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.max net shield!E1
Value: hkey_classes_root\clsid\{293364ba-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.max net shield!E1
Value: hkey_local_machine\software\classes\clsid\{293364ae-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.max net shield!E1
Value: hkey_local_machine\software\classes\clsid\{293364ba-43f8-11d3-bc2d-4000000a2806}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.max net shield!E1
Value: hkey_local_machine\software\freeze.com\installer --> id Verwijderd Trace.Registry.ez game cheats!E1
c:\windows\system32\cgziplibrary.dll Verwijderd Trace.File.max net shield!E1
c:\program files\oapps\bho_project.dll Verwijderd Trojan.Win32.BHO!E2
C:\System Volume Information\_restore{157120E5-C012-4E98-8E02-8C8E0059EEE9}\RP582\A0080822.exe -> $INSTDIR\bho_project.dll Verwijderd Trojan.Win32.BHO!E2
Verwijderd 14
Mbam
Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
http://www.malwarebytes.org
Databaseversie: v2012.07.14.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Han :: PC [administrator]
Realtime bescherming: Ingeschakeld
14-7-2012 13:14:08
mbam-log-2012-07-14 (13-14-08).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 283580
Verstreken tijd: 4 uur/uren, 42 minuut/minuten, 51 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 16
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Geen actie ondernomen.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\bho_project.bho_object (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 3
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Administrator\Application Data\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 9
C:\Documents and Settings\Administrator\My Documents\Downloads\Setup (93).exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Administrator\Local Settings\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U28BD5J2\vfd-ob[1].exe (Rootkit.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\Administrator\0.3983236641021761.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)