El Torro
19 November 2006, 21:30
+ Created at: 20:09:24 19/11/2006
+ Scan result:
C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014795.exe -> Adware.404Search : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014806.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014815.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014824.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014830.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014831.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014832.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014834.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014835.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014836.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014837.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014839.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012679.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012693.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012724.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012748.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012759.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012773.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012789.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012807.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012821.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012834.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0012846.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014793.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014799.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP95\A0010411.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0010433.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0010451.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0011452.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0011465.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0012465.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012500.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012512.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012524.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012536.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012553.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012572.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012586.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012599.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012614.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012626.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012640.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012655.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014817.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014365.dll -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014369.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014375.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014376.EXE -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014378.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014847.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP106\A0014937.dll -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014380.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014840.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014841.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014855.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-19\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-909079937-3406648928-2623173166-1007\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014808.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014809.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014854.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP131\A0017952.dll -> Adware.PowerSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017727.exe -> Adware.Rebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014786.exe -> Adware.RXBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014852.dll -> Adware.RXBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014853.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014772.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014773.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014774.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017729.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017730.dll -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKU\S-1-5-21-909079937-3406648928-2623173166-1007\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014371.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@detelegraaf.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc266.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc325.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc377.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc360.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc242.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc262.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc255.txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc259.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc306.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc227.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 20:29:07, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\slserv.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Web__Rebates\webrebatesv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Web__Rebates\to.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\LATEUR~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NI.UERSM_0001_N68M1602] "C:\Documents and Settings\Lateur Marijke\Local Settings\Temporary Internet Files\Content.IE5\LYG94OW8\ErrorSafeScannerInstall _nl[1].exe" -nag
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open In Nieuwe Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
+ Scan result:
C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014795.exe -> Adware.404Search : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014806.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014815.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014824.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014830.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014831.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014832.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014834.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014835.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014836.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014837.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014839.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012679.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012693.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP100\A0012724.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012748.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012759.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012773.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP101\A0012789.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012807.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012821.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP102\A0012834.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0012846.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014793.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014799.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP95\A0010411.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0010433.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0010451.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0011452.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0011465.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP96\A0012465.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012500.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012512.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012524.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012536.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP97\A0012553.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012572.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012586.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP98\A0012599.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012614.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012626.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012640.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP99\A0012655.exe -> Adware.Bestofer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014817.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014365.dll -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014369.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014375.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014376.EXE -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014378.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014847.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP106\A0014937.dll -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014380.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014840.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014841.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014855.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-19\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-909079937-3406648928-2623173166-1007\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014808.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014809.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014854.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP131\A0017952.dll -> Adware.PowerSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017727.exe -> Adware.Rebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014786.exe -> Adware.RXBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014852.dll -> Adware.RXBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP105\A0014853.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014772.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014773.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP104\A0014774.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017729.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP125\A0017730.dll -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKU\S-1-5-21-909079937-3406648928-2623173166-1007\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP103\A0014371.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@detelegraaf.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc266.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc325.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc377.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc360.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc242.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc262.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc255.txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc259.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc306.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Lateur Marijke\Cookies\lateur marijke@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Lateur Marijke\Local Settings\Temp\Cookies\lateur marijke@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-909079937-3406648928-2623173166-1007\Dc227.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 20:29:07, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\slserv.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Web__Rebates\webrebatesv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Web__Rebates\to.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\LATEUR~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NI.UERSM_0001_N68M1602] "C:\Documents and Settings\Lateur Marijke\Local Settings\Temporary Internet Files\Content.IE5\LYG94OW8\ErrorSafeScannerInstall _nl[1].exe" -nag
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: Alle links in deze pagina openen... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Markeren - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open In Nieuwe Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Toevoegen aan Reclame Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Zoeken - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe