Vraag & Antwoord

Beveiliging & privacy

logje

Anoniem
None
4 antwoorden
  • dit is de pc van de familie en hij zit onder de spyware\adware…
    ik heb een logje gemaakt met hijack this. ik heb van te voren al spybot en adaware gedraaid..
    dit is het logje… graag zou ik horen wat er weggehaald moet worden…
    alvast bedankt.


    Logfile of HijackThis v1.99.1
    Scan saved at 23:19:48, on 12-7-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\msole32.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    F:\Program Files\HP Software Update\HPWuSchd2.exe
    F:\WINDOWS\system32\hphmon05.exe
    F:\Program Files\MessengerPlus! 3\MsgPlus.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\CCleaner\ccleaner.exe
    C:\hijack this\HijackThis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [HPHUPD05] F:\Program Files\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] F:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFFFF8CA-C49D-42A0-9DE5-773B164ECB55}: NameServer = 62.251.0.6 62.251.0.7
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Anoniem
    Anoniem
  • Ik zie deze: [b:a4a26891dc]F:\WINDOWS\system32\msole32.exe[/b:a4a26891dc]

    Ik zie nergens een sleutel die het bestand start :roll:
    Het werkt dus zo:[quote:a4a26891dc] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    msole32.exe[/quote:a4a26891dc]
    Doe het volgende eens:
    Download en installeer CCleaner.
    Klik bovenaan op de knop "Opties". Kies links in het scherm voor "Gevorderden". Haal het vinkje weg bij "Verwijder alleen tijdelijke bestanden in de windows systeemmap die ouder zijn dan 48 uur". Sluit CCleaner.

    Download de trialversie van Ewido Security Suite.
    Installeer het en controleer of er updates beschikbaar zijn. Installleer deze ook. Laat het programma nog niet scannen.

    Download rkfiles.
    Pak de bestanden uit naar de map c:\rkfiles.
    Gebruik het programma nog niet.

    Open een kladblokbestand,
    kopieer onderstaande code in dat kladblokbestand.
    Sla het bestand op als fix.reg
    Opslaan als bestandstype "Alle bestanden" (*.*)
    Sla fix.reg op, op je bureaublad, gebruik het nog niet.[code:1:a4a26891dc]REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "msole32.exe"=-
    "winlogon.exe"=-[/code:1:a4a26891dc]

    Start de PC in veilige modus.

    Dubbelklik op fix.reg en laat de wijzigingen aan het register toevoegen.

    Start HijackThis, kies voor "Do a system scan only" en plaats vinkjes voor de volgende items:
    [b:a4a26891dc]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank[/b:a4a26891dc]
    Sluit alle open vensters(behalve HijackThis) en klik op "Fix checked" sluit daarna HijackThis af.

    Zoek met je verkenner het volgende bestand eens op: [b:a4a26891dc]F:\WINDOWS\system32\msole32.exe[/b:a4a26891dc] en verwijder deze.

    Start Ewido.
    Voer een volledige systeemscan uit, en verwijder alles wat gevonden wordt. Na het scannen krijg je de mogelijkheid om het logje op te slaan. Doe dit.

    Ga via de verkenner naar de map c:\rkfiles en dubbelklik op rkfiles.bat.
    De computer wordt nu gescand.
    Als het scannen klaar is(er verschijnt "bye" en het venster wordt gesloten)

    [b:a4a26891dc]Het gebruik van Ccleaner:[/b:a4a26891dc]
    Crap cleaner verwijderd voornamelijk tijdelijke bestanden van je systeem, wanneer de hoeveelheid tijdelijke bestanden op je PC te groot wordt, kan dit problemen geven. Het is dus een goede zaak om af en toe je systeem eens op te schonen.

    Ccleaner verwijderd ook cookies. Cookies zijn meestal gewoon nutteloos,
    soms zelfs kwaadaardig, maar er zijn er ook enkele die nodig zijn voor het inloggen op bepaalde websites.
    Ccleaner biedt je de mogelijkheid om in te stellen welke cookies je behouden wilt.
    Kijk hiervoor bij "Opties"en dan Cookies, selecteer de cookies die je behouden wilt en plaats die in de "Te behouden cookies" ruimte.
    Klik daarna op de knop "Opschonen".

    Als de hoeveelheid tijdelijke bestanden, die Ccleaner verwijderd heeft, erg groot is zou je het beste je schijf ook even kunnen defragmenteren.

    Herstel daarna je webinstellingen: Ga naar Configuratiescherm –> Internetopties –> tabblad Programma's.
    Klik op de "Webinstellingen herstellen".

    Herstart nadien de computer in normale modus, en post de inhoud van de logfile gemaakt tijdens het scannen met Ewido.
    Zoek het bestand [b:a4a26891dc]C:\log.txt[/b:a4a26891dc](is de log van rkfiles)
    Post de inhoud van dit bestand en maak ook even een nieuwe log met HijackThis en post deze ook.

    vr.gr.smeenk :wink:
    Anoniem
    Anoniem
  • nieuwe log hijack this:
    [code:1:519df3068c]Logfile of HijackThis v1.99.1
    Scan saved at 13:00:26, on 15-7-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\ewido\security suite\ewidoguard.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    F:\Program Files\HP Software Update\HPWuSchd2.exe
    F:\WINDOWS\system32\hphmon05.exe
    F:\Program Files\MessengerPlus! 3\MsgPlus.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijack this\HijackThis-1.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [HPHUPD05] F:\Program Files\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] F:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFFFF8CA-C49D-42A0-9DE5-773B164ECB55}: NameServer = 62.251.0.6 62.251.0.7
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    [/code:1:519df3068c]

    logje rkfiles:
    [code:1:519df3068c]C:\rkfiles

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Files Found in system Folder…………
    ————————
    F:\WINDOWS\system32\ole32vbs.exe: FSG!
    F:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

    Files Found in all users windows Folder…………
    ————————
    F:\WINDOWS\popuper.exe: FSG!
    Finished
    bye[/code:1:519df3068c]

    logje ewido:
    [code:1:519df3068c] ewido security suite - Scan report
    ———————————————————

    + Created on: 15:33:48, 13-7-2005
    + Report-Checksum: 38F824D6

    + Scan result:

    HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63CF97E8-4133-438A-A831-CC9C6D47D673} -> Spyware.FlashTrack : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{665ACD90-4541-4836-9FE4-062386BB8F05} -> Spyware.FlashTrack : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7371F073-AC0F-4B80-BB2F-96A488CEFB32} -> Spyware.FlashTrack : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-606747145-162531612-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\docu's\Hidde\Cookies\hidde@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\docu's\Roy\.jpi_cache\jar\1.0\ar3.jar-586bddde-3caa2b18.zip/Gummy.class -> Trojan.Java.Femad : Error during cleaning
    :mozilla.7:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.8:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.15:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.31:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.32:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.33:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.34:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.35:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.44:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.92:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.110:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.111:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.112:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.120:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.121:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.129:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.143:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.163:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.176:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.190:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.191:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.193:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.201:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.202:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.203:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.227:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.228:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.229:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.230:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.232:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.233:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.234:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.235:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.246:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.248:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.249:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.272:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.273:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.274:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.312:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.313:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.329:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.351:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.352:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.355:F:\Documents and Settings\Hidde\Application Data\Mozilla\Firefox\Profiles\ib18u59u.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
    F:\Documents and Settings\Hidde\Cookies\hidde@ads14.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    F:\Documents and Settings\Hidde\Cookies\hidde@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.15:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.16:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.17:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.18:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.19:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.28:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.49:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.50:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.63:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.64:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.65:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.66:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.67:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.68:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.69:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.70:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.71:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.72:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.73:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.105:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.106:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.120:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.121:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.122:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.125:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.126:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.131:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.132:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.154:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.155:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.156:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.157:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.158:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.175:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.176:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.177:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.217:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.220:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.223:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.226:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.227:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.232:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.234:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.235:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.236:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.253:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.261:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.281:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.284:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
    :mozilla.291:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.293:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.294:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.295:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.296:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.307:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.340:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.349:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.367:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.382:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.388:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.389:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.390:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.425:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.426:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.436:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.442:F:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\n416bn02.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
    F:\Documents and Settings\Jesse\Cookies\jesse@ads14.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    :mozilla.7:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.22:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.23:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.42:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.44:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.45:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.51:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.52:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.64:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.65:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.103:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.104:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.105:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.106:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.122:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.123:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.131:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.151:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.172:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.188:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.189:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.190:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.192:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.193:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.194:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.195:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.211:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.212:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.213:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.214:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.229:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.242:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.243:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.245:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.270:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.271:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.272:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.273:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.274:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.275:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.284:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.300:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
    :mozilla.334:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.355:F:\Documents and Settings\Yvonne\Application Data\Mozilla\Firefox\Profiles\pdeazi15.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    F:\Documents and Settings\Yvonne\Cookies\yvonne@ads14.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    F:\Program Files\nLite\Data\modpe.exe -> Worm.Myfip.I : Cleaned with backup
    F:\RECYCLER\NPROTECT\00084471.exe -> TrojanDropper.Small.acb : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087526.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087528.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087531.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087532.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087536.TXT -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087537.TXT -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087545.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087548.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087549.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087550.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087551.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087552.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087553.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087554.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087556.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087558.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087560.TXT -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087561.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087562.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087563.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087564.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087565.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087566.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087567.TXT -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087621.exe -> TrojanDownloader.Zlob.w : Cleaned with backup
    F:\RECYCLER\NPROTECT\00087771.DLL -> Spyware.SearchIt : Cleaned with backup
    F:\RECYCLER\NPROTECT\00088339.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    F:\WINDOWS\ounist.exe -> TrojanDownloader.IstBar.er : Cleaned with backup
    F:\WINDOWS\popuper.exe -> Trojan.Puper.w : Cleaned with backup
    F:\WINDOWS\system32\hhk.dll -> Trojan.Puper.t : Cleaned with backup
    F:\WINDOWS\system32\intmon.exe -> Trojan.Puper.aa : Cleaned with backup


    ::Report End[/code:1:519df3068c]

    ik weet alleen zeker dat er nog steeds zooi op staat want het bureaublas is overgenomen door een soort grote anti spyware ad. waar je op kan klikken en deze is niet weg te krijgen :-?
    Anoniem
    Anoniem
  • Die twee bestanden die rkfiles vond duiden op een SmitFraud-infectie, al kan ik daar in de HijackThis log niets van terug vinden :roll:

    Doe het volgende maar eens:
    Download smitRem.zip.
    Pak het uit op je bureaublad, maar gebruik het nog niet.

    Download de volgende file:
    http://www.bleepingcomputer.com/files/reg/smitfraud.reg
    Sla het op op je bureaublad, maar gebruik het nog niet.

    Start je computer op in VEILIGE MODUS

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de item dat hieronder is genoemd:
    [b:9985a557f9]O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    [/b:9985a557f9]Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' en sluit HijackThis af.

    Zorg dat de besturingssysteembestanden en verborgen bestanden zichtbaar zijn

    De volgende 2 bestanden verwijderen:[b:9985a557f9]
    F:\WINDOWS\popuper.exe
    F:\WINDOWS\system32\ole32vbs.exe[/b:9985a557f9]

    Start CCleaner
    klik nu in Ccleaner op opschonen (rechts onderaan).

    Open de [b:9985a557f9]smitrem[/b:9985a557f9]-map op je bureaublad, en dubbelklik op [b:9985a557f9]RunThis.bat[/b:9985a557f9]. Volg de aanwijzingen op het scherm.
    Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
    Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.

    Ga dan naar Start -> [b:9985a557f9]configuratiescherm[/b:9985a557f9] -> vormgeving en thema's -> bureaublad ->bureaublad aanpassen -> Website -> haal het vinkje weg bij "[b:9985a557f9]Security Info[/b:9985a557f9]" als het er nog staat.

    Dubbelklik op [b:9985a557f9]smitfraud.reg[/b:9985a557f9] en laat het bestand toevoegen aan je register!

    Herstart nu je computer in normale modus.

    Doe een online scan via Panda's online virus scan

    Herstart je pc nogmaals en plaats dan een nieuw logje van Hijackthis,
    Post ook de inhoud van het logje van het smitrem-tooltje, dit staat in C:\smitfiles.txt en het log van de scan met Panda
    Vertel dan ook even of het probleem nog bestaat.

    vr.gr.smeenk :wink:

    P.S. ik vond dit nog over Altnet: http://sarc.com/avcenter/venc/data/adware.topsearch.html
    Anoniem
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!