View full version: help please pc flipping on me ...



uSo-dragon
28 January 2007, 18:39
Lately I've been having a lot of trouble with pop-ups and some program or other that shows up in my taskbar ... and when I click on it, a website appears with a link to an antivirus ... I've already tried all sorts of things to track it down and I can't find it ...


Logfile of HijackThis v1.99.1
Scan saved at 18:36:36, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe
C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
D:\dimitri\software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt tzt
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Jurgenv1
28 January 2007, 18:56
* It is best to print these instructions or save them in a Notepad file, because later you will have to work in safe mode,
and this page will not be available then (no internet).

* Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) and save it to the Desktop.
Double-click the file and extract it to its own folder on the Desktop.


* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and clear the check mark at Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.

* If you have not installed Adaware SE yet, download, install and update it following the guidelines
you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link for Ad-aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Start your computer in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open the smitrem folder on your desktop and double-click RunThis.bat. Follow the on-screen instructions.
Your desktop and icons will disappear briefly and then reappear; this is normal.
Wait until the tool has done its work and Disk Cleanup has finished. This can take some time, so be patient.

* Run a full scan with Adaware and remove everything that is found.

* Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure that Set all elements to: is set to Quarantine (1),
if not, click the link and choose Quarantine in the popup menu. (2)
(This does not apply to cookies; these are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Then go to Start -> Control Panel -> Appearance and Themes -> Desktop -> Customize Desktop -> Web -> clear the check mark at "Security Info" if it is still there.

* Restart your computer in normal mode.

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the check mark at "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Do an online scan via Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and save the report you get after scanning.

* Restart your PC once more and then post a new HijackThis log, together with the reports from AVG Anti-Spyware 7.5 and Panda. Also post the log of the smitRem tool, which you can find here: C:\smitfiles.txt.

uSo-dragon
29 January 2007, 11:48
OK, I'm going to try that, thanks already.

uSo-dragon
31 January 2007, 11:23
Yes, I've done all of that now; here are the log files:

HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 11:19:33, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\dimitri\software\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe



Panda log file:


Incident Status Location

Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cookies.txt[.888.com/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@atdmt[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@hitbox[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@metriweb[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@serving-sys[1].txt
Virus:Trj/Alanchum.OJ Disinfected C:\Documents and Settings\Dsmer.FAMILIE\Local Settings\Application Data\IM\Identities\{48065D2E-76CD-433D-919F-C923B8F2B851}\Message Store\Inbox.imm[greeting card.exe]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Local Settings\Temporary Internet Files\Content.IE5\S1IJ8HAN\!update-4295[1].0000
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Mijn documenten\recover pc\smitrem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dsmer.FAMILIE\Mijn documenten\recover pc\smitRem.exe[smitRem/Process.exe]
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1461OinUninstaller.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
Adware:Adware/PurityScan Not disinfected C:\Program Files\Outerinfo\OiUninstaller.exe
Adware:Adware/ActiveSearch Not disinfected C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016783.exe[deskbar.exe]
Adware:Adware/ActiveSearch Not disinfected C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016783.exe[deskbar.exe][deskbar.dll]

smitrem log file:

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [versie 5.1.2600]
"IE"="6.0000"

Running from
C:\Documents and Settings\Dsmer.FAMILIE\Mijn documenten\recover pc\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Dsmer.FAMILIE\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe"="C:\\Documents and Settings\\Dsmer.FAMILIE\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\MSPUB.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\MSPUB.EXE:*:Enabled:Microsoft Office Publisher"
"D:\\griet\\LimeWire\\LimeWire.exe"="D:\\griet\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MAXON\\CINEMA 4D R9\\C4D Client.EXE"="C:\\Program Files\\MAXON\\CINEMA 4D R9\\C4D Client.EXE:*:Enabled:CINEMA 4D ©"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\WarRock\\WRLauncher.exe"="C:\\Program Files\\WarRock\\WRLauncher.exe:*:Enabled:WarRock"
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1016 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

uSo-dragon
31 January 2007, 11:24
AVG log file

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:48:53 30/01/2007

+ Scan result:



C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP63\A0013984.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP71\A0014998.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\ot.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmmon.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmsngr.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmuninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\ts.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016786.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016807.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016813.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016814.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016818.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\WіnSxS\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP23\A0008462.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP24\A0008504.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP43\A0011218.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP48\A0012078.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP49\A0012384.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP49\A0012385.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP50\A0012510.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP50\A0012511.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP63\A0013941.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP63\A0013983.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP65\A0014098.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP66\A0014157.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP71\A0014997.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP72\A0015115.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP74\A0015316.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP78\A0016657.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP78\A0016664.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP81\A0016794.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP81\A0016796.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP85\A0017144.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP85\A0017145.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP86\A0017279.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP90\A0017483.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP92\A0017643.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP93\A0017688.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mffz.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Dsmer.FAMILIE\Local Settings\Temp\Cliprex_WhenUSave_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{60AE83F5-0682-2067-0812-020505030020}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{60AE83F5-0682-2067-0812-020505030020}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016782.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016785.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP93\A0017911.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016816.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Blazingtools Perfect Keylogger v.1.6.2.0\KeyGen\keygen.exe -> Backdoor.Small.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016839.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016787.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016784.exe -> Downloader.Adload.hg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP90\A0017498.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
D:\dimitri\songs\software\CD-Windows_XP_Professional_Service_Pack_1.zip/hlv.exe -> Downloader.INService.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP43\A0011219.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP93\A0017897.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP93\A0017898.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP52\A0012598.exe -> Downloader.PurityScan.du : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Мicrosoft.NET\spool32.exe -> Downloader.PurityScan.dx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016781.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0015860.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0015861.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016788.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016789.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
D:\dimitri\songs\software\Registry_Mechanic_5.0.rar/install.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016790.exe -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016835.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
D:\dimitri\software\MsgPlus-254.exe/70000011.exe -> Downloader.Swizzor.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP74\A0015337.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
D:\dimitri\Text.to.PDF.Converter.v3.0.WinALL.CRACKED-iNDUCT.zip/run.exe -> Downloader.Zlob.ban : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP94\A0017973.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
D:\dimitri\songs\ps2\Pcsx2_0.9.1_Setup.exe -> Dropper.Agent.adw : Cleaned with backup (quarantined).
D:\dimitri\songs\ps2\Playstation[1].2.Emulator.BIOS.Included-GOLdENFLAiR.rar/Pcsx2_0.9.1_Setup.exe -> Dropper.Agent.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP93\A0017896.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Dsmer.FAMILIE\Local Settings\Temporary Internet Files\Content.IE5\3T01LGNL\xpladv605[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016817.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\ComPlus Applications\mejeza.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN\polo.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
D:\dimitri\songs\software\Registry_Mechanic_5.0.rar/crack.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Quick Keylogger 2.1.027\quick_keylogger.exe -> Not-A-Virus.Monitor.QuickKeyLogger.a : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Family Key Logger\Crack\Cracked\ctfmon.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.271 : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Family Key Logger\Crack\crack.rar/Cracked\ctfmon.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.271 : Cleaned with backup (quarantined).
C:\WINDOWS\HKNTDLL.dll -> Not-A-Virus.Monitor.Win32.Hooker.e : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Keyloggers\embrace.rar/ibpk.exe/Setup.exe -> Not-A-Virus.Monitor.Win32.Perflogger.163 : Cleaned with backup (quarantined).
D:\dimitri\Key Logger Collection\Keyloggers\ibpk.exe/Setup.exe -> Not-A-Virus.Monitor.Win32.Perflogger.163 : Cleaned with backup (quarantined).
D:\dimitri\software\CPUCooLCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).

uSo-dragon
31 January 2007, 11:25
:mozilla.107:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.108:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@questionmarke t[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@stats1.reliab lestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.22:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.100:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.101:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.102:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.103:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.427:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@banners.searc hingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
:mozilla.279:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.280:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.281:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.282:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.283:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.431:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.539:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.540:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@cs.sexcounter[3].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.456:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.533:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.534:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.535:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.546:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.547:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.548:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.549:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.605:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.606:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.607:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.608:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.460:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.461:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.467:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@www.smartadse rver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.274:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.120:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.588:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.589:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.197:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.65:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.66:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.117:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.118:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.551:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.153:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.191:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.192:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.193:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.194:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.206:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.207:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.719:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.40:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.210:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.211:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.212:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.213:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.214:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.215:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.739:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.833:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@statse.webtre ndslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@statse.webtre ndslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@count.xhit[2].txt -> TrackingCookie.Xhit : Cleaned.
:mozilla.122:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.123:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.265:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.10:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.725:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.726:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.727:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Flock\Browser\Profiles\b26buynp.default\cooki es.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Dsmer.FAMILIE\Application Data\Mozilla\Firefox\Profiles\l833uw51.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Dsmer.FAMILIE\Cookies\dsmer@ad.yieldmanag er[

uSo-dragon
31 January 2007, 11:26
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP23\A0008456.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP24\A0008491.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP43\A0011220.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP48\A0012079.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP49\A0012386.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP50\A0012512.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP63\A0013943.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP63\A0013985.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP65\A0014100.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP66\A0014152.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP71\A0014999.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP72\A0015121.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP74\A0015322.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP78\A0016661.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP81\A0016800.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP85\A0017150.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP86\A0017258.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP89\A0017480.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ECA7B380-680F-497C-9451-712F518B79B7}\RP92\A0017648.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wintsu.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0015859.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25D5FC47-766A-4669-AF65-9B4754605E78}\RP22\A0016815.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end


So far I haven't had any more pop-ups, so I think it's finally all gone, woohoo

thx

Jurgenv1
31 January 2007, 13:53
Download roguescanfix_setup (http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe).

Double-click roguescanfix_setup to install it.

After the installation you will be asked whether to start the program. Choose JA/YES.

Note: This tool needs an internet connection so that it can download an extra file it needs in order to work.
If your firewall raises an alert, allow it and do not block it.
If you still get the message afterwards that BFU.exe is missing, download BFU.exe from here (http://www.merijn.org/files/bfu.zip).
Unzip it and place BFU.exe in the c:\PROGRAM FILES\Roguescanfix folder. Then double-click Roguescanfix.bat again.

A DOS window will open with a menu.
Choose option #1 here: Run roguescanfix

This tool will uninstall some unwanted programs and remove related files and registry keys.
If some files cannot be removed, the tool will ask whether you want to restart your PC.
Do make sure that uninstalling the unwanted programs has finished before you click 'Yes' to restart your PC.

A Notepad file will open. Paste the contents of that file into your next reply, together with a new HijackThis log.
(You can also find the file at c:\program files\roguescanfix\task.txt)

uSo-dragon
4 February 2007, 20:26
I did that, and this is the log file:

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"


sharedtaskkey: fa19bd7e-50bc-4203-80ac-c4edc81ca9a3
---------------------------------------------------
no keys found



and this is the new one from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:25:21, on 4/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe
C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\dimitri\software\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

I do still get pop-ups now and then; where they come from I don't know. I have noticed that the system is already working a bit better.

Jurgenv1
4 February 2007, 20:28
Start roguescanfix again, and this time choose option #2: Run sharedtasksrem.
A Notepad file will open. Paste the contents of that file into your next reply.

uSo-dragon
6 February 2007, 15:27
And I did; here is the result:

ROGUESCANFIX LOGFILE


--- Export SharedTaskScheduler key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"



--- Export SSODL key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"



--- sharedtaskkey (1): fa19bd7e-50bc-4203-80ac-c4edc81ca9a3 ---

no keys found


--- Cleaning process finished! ---



--- Export SharedTaskScheduler key after cleaning process ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"




--- Export SSODL key ---


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


Finished!

Jurgenv1
6 February 2007, 17:18
Please post a new HijackThis log here. :)

uSo-dragon
7 February 2007, 15:36
Logfile of HijackThis v1.99.1
Scan saved at 15:36:36, on 7/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Sync Manager\agent\syncagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe
C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\dimitri\software\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A53E9849-07DC-0B7E-8E4E-5B90EDD46BCE} - C:\WINDOWS\system32\sbcujiu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [akl] C:\Program Files\Ardamax Keylogger\akl.exe
O4 - HKLM\..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager\agent\syncagent.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

there you go

Jurgenv1
7 February 2007, 15:39
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Save it to your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the instructions on the screen.
When the tool has finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

uSo-dragon
7 February 2007, 16:32
"Dsmer" - 07-02-07 16:28:45 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Dsmer.FAMILIE\Bureaublad"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1461OinUninstaller.exe
C:\WINDOWS\system32\wintsu.exe
C:\Program Files\Common Files\{60AE8~1
C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data\CURITY~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data\PPPATC~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Application Data\PPPATC~1\r?ndll.exe
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten\CURITY~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten\DOBE~1
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten\from.txt
C:\qoobox\purity\DOCUME~1\DSMER~1.FAM\Mijn documenten\ICROSO~1
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1\?dobe
C:\qoobox\purity\WINDOWS\FNTS~1
C:\qoobox\purity\WINDOWS\TSKS~1
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\YMBOLS~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET\ICROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET\spool32.exe


((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-07 08:52 56,832 --a------ C:\WINDOWS\system32\sbcujiu.dll
2007-02-06 17:45 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\.idlerc
2007-02-06 17:42 <DIR> d-------- C:\Python25
2007-02-06 17:17 <DIR> d-------- C:\Program Files\Sync Manager
2007-02-06 17:09 <DIR> d-------- C:\Program Files\BPK
2007-02-06 17:09 <DIR> d-------- C:\Program Files\Ardamax Keylogger
2007-02-06 15:26 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-02-06 15:26 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-01-31 23:21 <DIR> d-------- C:\Program Files\Roguescanfix
2007-01-30 23:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-30 11:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\Application Data\Lavasoft
2007-01-30 11:04 <DIR> dr------- C:\DOCUME~1\ADMINI~1.FAM\Mijn documenten
2007-01-30 11:04 <DIR> dr------- C:\DOCUME~1\ADMINI~1.FAM\Favorieten
2007-01-30 11:03 524,288 --ah----- C:\DOCUME~1\ADMINI~1.FAM\ntuser.dat
2007-01-30 11:03 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.FAM\Onlangs geopend
2007-01-30 11:03 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.FAM\Sjablonen
2007-01-30 11:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\Menu Start
2007-01-30 11:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\Bureaublad
2007-01-30 10:55 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\Lavasoft
2007-01-30 10:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-30 10:41 <DIR> d-------- C:\Program Files\Grisoft
2007-01-30 10:35 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
2007-01-30 10:34 524,288 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-01-30 10:34 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-01-30 10:34 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
2007-01-30 10:34 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
2007-01-30 10:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-01-30 10:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
2007-01-28 18:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-28 08:59 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-01-27 21:25 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\.housecall6.6
2007-01-26 15:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-26 15:28 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-01-26 15:17 <DIR> d-------- C:\Program Files\AntiVerminser
2007-01-23 16:57 <DIR> d-------- C:\Program Files\ffdshow
2007-01-23 16:56 <DIR> d-------- C:\Program Files\MyGlobalSearch
2007-01-23 16:56 <DIR> d-------- C:\Program Files\Cliprex DVD Player Professional
2007-01-23 16:52 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\CyberLink
2007-01-23 16:51 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-01-23 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\CyberLink
2007-01-23 16:50 <DIR> d-------- C:\Program Files\CyberLink
2007-01-21 15:55 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2007-01-20 17:16 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\iWin
2007-01-20 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\iWin
2007-01-20 17:15 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2007-01-18 00:54 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\Metacafe
2007-01-18 00:53 <DIR> d-------- C:\Program Files\Metacafe
2007-01-18 00:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Metacafe
2007-01-14 23:52 <DIR> d-------- C:\Program Files\Metro 3D
2007-01-14 21:47 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-01-14 21:47 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-01-14 21:47 <DIR> d-------- C:\Program Files\D-Tools
2007-01-11 11:32 128,528 --a------ C:\WINDOWS\system32\Metacafe.scr
2007-01-09 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Windows Genuine Advantage
2007-01-08 19:35 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\limwire
2007-01-08 19:35 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Incomplete
2007-01-08 19:32 <DIR> d-------- C:\Program Files\LimeWire
2007-01-07 20:17 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-07 20:17 <DIR> d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\Skype
2007-01-07 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Skype
2007-01-07 20:16 <DIR> d-------- C:\Program Files\Skype


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-07 16:03 -------- d-------- C:\Program Files\warrock
2007-02-04 12:19 -------- d-------- C:\Program Files\ikea homeplanner
2007-02-04 11:35 -------- d-------- C:\Program Files\google
2007-02-02 21:05 -------- d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\limewire
2007-01-31 00:21 -------- d-------- C:\Program Files\telemeter 3.0
2007-01-31 00:16 -------- d-------- C:\Program Files\msn messenger
2007-01-31 00:07 -------- d-------- C:\Program Files\messengerplus! 3
2007-01-26 16:18 -------- d-------- C:\Program Files\boonty
2007-01-26 16:17 -------- d-------- C:\Program Files\maxon
2007-01-26 16:17 -------- d-------- C:\Program Files\boontygames
2007-01-26 15:36 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-01-23 16:50 -------- d--h----- C:\Program Files\installshield installation information
2007-01-22 12:07 -------- d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\adobeum
2007-01-20 17:15 -------- d-------- C:\Program Files\gamenext
2007-01-14 21:28 -------- d-------- C:\Program Files\mozilla firefox
2007-01-14 13:40 -------- d-------- C:\Program Files\java
2007-01-06 23:35 -------- d---s---- C:\DOCUME~1\DSMER~1.FAM\Application Data\microsoft
2007-01-05 19:39 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-28 23:28 3787 --a------ C:\WINDOWS\mozver.dat
2006-12-27 20:35 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-12-26 15:20 -------- d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\installshield
2006-12-21 12:39 -------- d-------- C:\Program Files\ultrastar
2006-12-16 17:03 -------- d-------- C:\Program Files\rapidcheck
2006-12-15 19:33 -------- d-------- C:\DOCUME~1\DSMER~1.FAM\Application Data\playfirst
2006-12-15 15:07 -------- d-------- C:\Program Files\dracula twins demo
2006-12-15 14:53 -------- d-------- C:\Program Files\zylom games
2006-12-15 13:33 -------- d-------- C:\Program Files\registry mechanic
2006-12-14 17:23 -------- d-------- C:\Program Files\serials 2005
2006-12-14 16:01 -------- d-------- C:\Program Files\netconceal anonymizer
2006-12-14 15:50 76490 --a------ C:\WINDOWS\system32\perfc013.dat
2006-12-14 15:50 501180 --a------ C:\WINDOWS\system32\perfh013.dat
2006-12-10 19:15 -------- d-------- C:\Program Files\winamp
2006-12-08 17:44 -------- d-------- C:\Program Files\lavalys
2006-12-08 00:01 -------- d-------- C:\Program Files\gabest
2006-12-07 14:14 3412596 --a------ C:\WINDOWS\kikkers[1].scr
2006-11-16 16:07 81920 --a------ C:\DOCUME~1\DSMER~1.FAM\Application Data\ezpinst.exe
2006-11-16 16:07 7176 --a------ C:\DOCUME~1\DSMER~1.FAM\Application Data\pcouffin.cat
2006-11-16 16:07 47360 --a------ C:\DOCUME~1\DSMER~1.FAM\Application Data\pcouffin.sys
2006-11-16 16:07 34 --a------ C:\DOCUME~1\DSMER~1.FAM\Application Data\pcouffin.log
2006-11-16 16:07 1144 --a------ C:\DOCUME~1\DSMER~1.FAM\Application Data\pcouffin.inf
2006-11-12 21:10 99970 --a------ C:\WINDOWS\uninstallfirefox.exe
2006-11-12 21:10 0 --a------ C:\WINDOWS\nsreg.dat
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Pderhm"="C:\\Documents and Settings\\Dsmer.FAMILIE\\Application Data\\?ppPatch\\r?ndll.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Waan"="\"C:\\WINDOWS\\system32\\ICROSO~1.NET\\spool32.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"Telemeter 3.0"="\"C:\\Program Files\\Telemeter 3.0\\telemeter3.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DealioAU"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dealio\\DealioAU.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpotdd01"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb08"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IncrediMail_Install"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\DSMER~1.FAM\\LOCALS~1\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe -startup -product IncrediMail"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RapidCheck"
"hkey"="HKCU"
"command"="C:\\Program Files\\RapidCheck\\RapidCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="syncagent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sync Manager\\agent\\syncagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fsg_4104"
"hkey"="HKLM"
"command"="\"c:\\documents and settings\\dsmer.familie\\local settings\\temp\\~vis0000\\fsg_4104.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Waan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spool32"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\ICROSO~1.NET\\spool32.exe\" -vt ndrv"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb31f452-7b9c-11db-9df1-000cf604d485}]
Shell\AutoRun\command



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070207-153735-904
O4 - HKLM\..\Run: [akl] C:\Program Files\Ardamax Keylogger\akl.exe
backup-20070131-112855-812
O2 - BHO: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll (file missing)
backup-20070131-112855-895
R3 - URLSearchHook: (no name) - {8C0C6C0E-A4C5-FF6F-984F-FBBADF374399} - C:\WINDOWS\system32\mffz.dll (file missing)
backup-20070128-184712-247
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
backup-20070128-184712-467
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 16:30:38

uSo-dragon
7 February 2007, 16:34
Logfile of HijackThis v1.99.1
Scan saved at 16:33:00, on 7/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\dimitri\software\hjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A53E9849-07DC-0B7E-8E4E-5B90EDD46BCE} - C:\WINDOWS\system32\sbcujiu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

There you go, I still have those stupid pop-ups from ad.oinserver; otherwise I'll have to try getting a different IP address or something.

Jurgenv1
7 February 2007, 17:08
* Open Notepad.
Copy the bold text below and paste it into a new document.



REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"=-

Choose File -> Save.
Under "Save in", select: Desktop
Under "File name", enter: fix.reg
Under "Save as type", select: All Files
Click "Save".

Double-click fix.reg, which is now on your desktop.
Agree to have this information added to the registry.

* Your Java software is out of date.
Older versions have vulnerabilities that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button on the right.
Tick: "Accept License Agreement".
The page will reload.
Click the link to download the Windows Offline Installation, Multi-language, and save it to your desktop.
Close all programs that may be open, especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
Select everything with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6-windows-i586.exe on your desktop to install the newest version of Java.

* Open HijackThis and tick the following lines:

O2 - BHO: (no name) - {A53E9849-07DC-0B7E-8E4E-5B90EDD46BCE} - C:\WINDOWS\system32\sbcujiu.dll
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv

* Then close all windows except HijackThis and click 'fix checked'

* Go to Start ==> Control Panel ==> Add or Remove Programs and uninstall, if present:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
Or anything similar with Oin in it.

If OIN is not present, download and run this (http://www.outerinfo.com/OiUninstaller.exe) uninstaller.

* Run ComboFix once more and post the report here together with a new HijackThis log.
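
The three entries marked for fixing above have traits that are visible in the log text itself. As an added example (not part of the original post, and not the helper's or HijackThis's own method), this Python code parses HijackThis entry lines and flags them with four heuristics that are assumptions of this example; the sample, constructed from lines on this page, mixes those three entries with clean ones from the follow-up log.

```python
import re

# Entry lines look like "<section> - <details>", e.g. "O4 - HKCU\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
SYS32_SUBDIR_EXE = re.compile(r"\\system32\\[^\\]+\\[^\\]+\.exe", re.I)

def reasons(section, body):
    """Return the heuristics (assumptions of this example) that an entry trips."""
    hits, low = [], body.lower()
    if section == "O2" and "bho: (no name)" in low:
        hits.append("unnamed BHO")
    if section in ("O2", "O4") and "?" in body:
        hits.append("unrenderable character in path")
    if section == "O4" and "\\application data\\" in low:
        hits.append("autostart from user profile")
    if section == "O4" and SYS32_SUBDIR_EXE.search(body):
        hits.append("exe in system32 subfolder")
    return hits

def triage(log_text):
    """Map each flagged entry line to the list of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            hits = reasons(m["section"], m["body"])
            if hits:
                flagged[line.strip()] = hits
    return flagged

# Constructed sample: the three entries from the post above plus clean ones from the follow-up log.
SAMPLE = r"""
O2 - BHO: (no name) - {A53E9849-07DC-0B7E-8E4E-5B90EDD46BCE} - C:\WINDOWS\system32\sbcujiu.dll
O4 - HKCU\..\Run: [Pderhm] C:\Documents and Settings\Dsmer.FAMILIE\Application Data\?ppPatch\r?ndll.exe
O4 - HKCU\..\Run: [Waan] "C:\WINDOWS\system32\ICROSO~1.NET\spool32.exe" -vt ndrv
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
"""

if __name__ == "__main__":
    for line, hits in triage(SAMPLE).items():
        print(", ".join(hits), "<-", line)
```

A flag here is a prompt to look the entry up, not a verdict: legitimate software can trip these heuristics and malicious entries can avoid them.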

uSo-dragon
8 February 2007, 16:00
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:59, on 07-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
D:\dimitri\software\hjackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

uSo-dragon
8 February 2007, 16:03
I think it's finally gone, but I'm not going to cheer too early; I'll let you know.

So far it's OK

thx

Jurgenv1
8 February 2007, 16:10
I see that you have no antivirus installed. It is risky to surf the internet without protection these days, and who knows, you may in turn now be unknowingly infecting other PCs, so install a good free antivirus that does not slow your PC down too much: AVG Free antivirus (http://free.grisoft.com/softw/70free/setup/avg75free_428a818.exe), antivir (http://www.free-av.com/) and Avast! Home edition (http://files.avast.com/iavs4pro/setupdut.exe) are a few of them. :) For Avast you do still need to register for free (http://www.avast.com/i_kat_207.php?lang=ENG#register-form) before you can use the antivirus; see here (http://www.avast.com/eng/download-avast-home.html) for more info.

After that it is very important to update your antivirus definitions, so that you are protected against the newest threats.

uSo-dragon
10 February 2007, 19:15
Thx for the tip, I'll see what that Avast does, that it indeed doesn't take up too much memory.