Volledige versie bekijken : Problemen na klik op link.
Gertjeeuuhh 21 September 2006, 21:32 Hallo.
Ik heb een probleem , het staat hier beschreven :
http://www.ivanhoejupiler.be/t37473-problemen-na-klik-op-link.html
Nu heb ik een logje gemaakt en vraag ik je om er eens naar te kijken,
Het Logje:
Logfile of HijackThis v1.99.1
Scan saved at 21:29:09, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\U2Nob29uamFucyBHZXJ0\command.exe
D:\Program Files\Network Monitor\netmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\dfndrff_e7.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\{1CC554D2-057D-2067-0828-010719010020}\Update.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Xfire\Xfire.exe
c:\DXC1205b.exe
c:\dfndrff_e10.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\Documents and Settings\Gert Schoonjans\Bureaublad\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - D:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - D:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e10.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e10.exe
O4 - HKLM\..\Run: [wgr89510] RUNDLL32.EXE w0659412.dll,n 0048950c0000000a0659412
O4 - HKLM\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gert Schoonjans\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: URL - D:\WINDOWS\system32\hr0s05d7e.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\U2Nob29uamFucyBHZXJ0\command.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe
PPLLLZZZ HEELP ME!!
Gertjeeuuhh 21 September 2006, 21:46 Hallo ik heb combofix gebruikt en hier is het logje van Combofix:
Gert Schoonjans - 06-09-21 21:38:41,72 Service Pack 2
ComboFix 06.09.21 - Running from: "D:\Documents and Settings\Gert Schoonjans\Bureaublad"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{E3AF9E3B-31BD-47E2-BFED-68B3C049A0B4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E3AF9E3B-31BD-47E2-BFED-68B3C049A0B4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E3AF9E3B-31BD-47E2-BFED-68B3C049A0B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E3AF9E3B-31BD-47E2-BFED-68B3C049A0B4}\InprocServer32]
@="D:\\WINDOWS\\system32\\ilseng.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
D:\WINDOWS\system32\g040lahm1d4a.dll
D:\WINDOWS\system32\g4040edqeh0e0.dll
D:\WINDOWS\system32\gppul3791.dll
D:\WINDOWS\system32\hr0s05d7e.dll
D:\WINDOWS\system32\hr8s05l7e.dll
D:\WINDOWS\system32\ifsso.dll
D:\WINDOWS\system32\ilseng.dll
D:\WINDOWS\system32\kjd101.dll
D:\WINDOWS\system32\lv0u09d9e.dll
D:\WINDOWS\system32\petorsvc.dll
D:\WINDOWS\system32\guard.tmp
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
D:\WINDOWS\system32\repairs303169590.dll
D:\Documents and Settings\Gert Schoonjans\Application Data\Sskcwrd.dll
D:\Documents and Settings\Gert Schoonjans\Application Data\Sskdmns.dll
D:\Documents and Settings\Gert Schoonjans\Application Data\Sskknwrd.dll
D:\Documents and Settings\Gert Schoonjans\Application Data\Sskuknwrd.dll
D:\WINDOWS\system32\bk.exe
D:\Program Files\surfsidekick 3\Ssk.exe
D:\Program Files\surfsidekick 3\SskBho.dll
D:\Program Files\surfsidekick 3\SskCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\M72BIXWF\dfndrff_e[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\6FG1QPMF\drsmartload1135a[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\6TG1Q961\drsmartload46a[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\M72BIXWF\drsmartload849a[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\OFGJ63UB\drsmartload45a[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\6FG1QPMF\kybrdff_e[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\6TG1Q961\MTE3NDI6ODoxNg[1].exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\M72BIXWF\nwnmff_e[1].exe
D:\WINDOWS\uninstall_nmon.vbs
D:\WINDOWS\system32\atmtd.dll
D:\WINDOWS\system32\atmtd.dll._
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Program Files\TheSearchAccelerator
D:\Program Files\ToolBar888
D:\Program Files\Deskbar
D:\Program Files\network monitor
D:\Program Files\Common Files\{1CC554D2-057D-2067-0828-010719010020}
D:\WINDOWS\U2Nob29uamFucyBHZXJ0
((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))
2006-09-17 20:44 61,952 --a------ D:\WINDOWS\system32\wgr89510.dll
2006-09-17 20:44 29,696 --a------ D:\WINDOWS\system32\w0659412.dll
2006-09-17 20:44 1,233 --a------ D:\WINDOWS\system32\wgr89510.sys
2006-09-14 20:05 58,952 --------- D:\WINDOWS\system32\MsgPlusLoader.dll
2006-09-10 16:46 54,272 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2006-09-10 16:43 61,440 --a------ D:\WINDOWS\system32\dsncp106.dll
2006-09-10 16:43 53,248 --a------ D:\WINDOWS\amcap.exe
2006-09-10 16:43 45,056 --a------ D:\WINDOWS\system32\vsncp106.dll
2006-09-10 16:43 307,200 --a------ D:\WINDOWS\vidcap32.exe
2006-09-10 16:43 28,672 --a------ D:\WINDOWS\vsncp106.exe
2006-09-10 16:43 20,480 --a------ D:\WINDOWS\dsncp106.exe
2006-09-10 16:43 120,884 --a------ D:\WINDOWS\usncp106.exe
2006-09-08 18:11 304,128 --a------ D:\WINDOWS\IsUninst.exe
2006-09-08 18:11 225,280 --a------ D:\WINDOWS\system32\awrtl30.dll
2006-09-08 18:11 111,616 --------- D:\WINDOWS\system32\Ltih30tb.dll
2006-09-08 18:10 299,520 --a------ D:\WINDOWS\uninst.exe
2006-09-03 21:42 720,896 --a------ D:\WINDOWS\iun6002ev.exe
2006-09-03 21:35 86,016 --a------ D:\WINDOWS\unvise32.exe
2006-08-27 21:47 92,208 --------- D:\WINDOWS\system32\WING.DLL
2006-08-27 21:47 305,152 --a------ D:\WINDOWS\IsUn0413.exe
2006-08-27 21:47 188,960 --------- D:\WINDOWS\system32\WINGDE.DLL
2006-08-27 21:47 12,800 --------- D:\WINDOWS\system32\WING32.DLL
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))
2006-09-21 21:40 -------- d-------- D:\Program Files\Common Files
2006-09-21 21:38 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Xfire
2006-09-21 21:15 -------- d-------- D:\Program Files\Steam
2006-09-19 21:52 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-09-19 21:52 -------- d-------- D:\Program Files\Google
2006-09-19 21:52 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Google
2006-09-17 21:44 -------- d-------- D:\Program Files\MSN Messenger
2006-09-17 21:19 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Lavasoft
2006-09-17 21:18 -------- d-------- D:\Program Files\Lavasoft
2006-09-14 21:26 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\AVG7
2006-09-14 21:25 777472 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-09-14 21:25 4288 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-14 21:25 27904 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-14 21:25 23424 --a------ D:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-14 20:38 -------- d---s---- D:\Documents and Settings\Gert Schoonjans\Application Data\Microsoft
2006-09-14 20:38 -------- d-------- D:\Program Files\Macrogaming
2006-09-13 19:19 -------- d---s---- D:\Program Files\Xfire
2006-09-12 21:48 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Autodesk
2006-09-10 16:43 -------- d-------- D:\Program Files\Common Files\sncp106
2006-09-09 22:06 -------- d-------- D:\Program Files\Visiosonic
2006-09-09 18:24 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\MixMeister Technology
2006-09-09 18:16 -------- d-------- D:\Program Files\MixMeister Pro 5
2006-09-09 11:37 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Adobe
2006-09-08 18:12 -------- d-------- D:\Program Files\AutoCAD 2002
2006-09-08 18:11 -------- d-------- D:\Program Files\WexTech
2006-09-08 18:11 -------- d-------- D:\Program Files\Common Files\Wextech Shared
2006-09-08 18:11 -------- d-------- D:\Program Files\Common Files\LHSPF
2006-09-08 18:11 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Help
2006-09-08 18:09 -------- d-------- D:\Program Files\Microsoft Office
2006-09-08 18:09 -------- d-------- D:\Program Files\Common Files\Designer
2006-09-08 18:09 -------- d-------- D:\Program Files\Common Files\Autodesk Shared
2006-09-03 21:42 -------- d-------- D:\Program Files\tnhteam
2006-08-27 21:47 -------- d-------- D:\Program Files\LEGO Media
2006-08-27 20:50 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\ArcSoft
2006-08-27 13:02 -------- d-------- D:\Program Files\QuickTime
2006-08-25 22:04 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\MSNInstaller
2006-08-25 15:38 24504 --a------ D:\Documents and Settings\Gert Schoonjans\Application Data\GDIPFONTCACHEV1.DAT
2006-08-21 14:28 16896 --a------ D:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ D:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ D:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-18 13:32 -------- d-------- D:\Program Files\GTA3CarEditor
2006-08-17 15:43 720896 --a------ D:\WINDOWS\iun6002.exe
2006-08-17 15:43 -------- d-------- D:\Program Files\BlueVoda Website Builder
2006-08-17 11:00 -------- d-------- D:\Program Files\MessengerPlus! 3
2006-08-16 10:14 -------- d-------- D:\Program Files\Internet Explorer
2006-08-14 22:49 -------- d-------- D:\Program Files\WinRAR
2006-08-14 19:44 -------- d-------- D:\Program Files\Picasa2
2006-08-08 18:30 -------- d-------- D:\Program Files\IMVU
2006-08-08 18:30 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\IMVU
2006-08-08 17:23 -------- d-------- D:\Program Files\Ipswitch
2006-08-08 17:23 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\Ipswitch
2006-08-07 22:40 -------- d-------- D:\Program Files\Winamp
2006-08-07 17:48 -------- d-------- D:\Program Files\SHOUTcast
2006-08-07 17:14 -------- d-------- D:\Program Files\Windows Media Player
2006-08-07 13:58 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\LimeWire
2006-08-07 11:44 -------- d-------- D:\Program Files\MSN Apps
2006-08-07 11:33 -------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-07-27 15:26 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-07-25 14:05 -------- d-------- D:\Documents and Settings\Gert Schoonjans\Application Data\AdobeUM
2006-07-25 13:35 -------- d-------- D:\Program Files\Liekes
2006-07-25 13:32 -------- d-------- D:\Program Files\GTA 3
2006-07-21 10:29 72704 --a------ D:\WINDOWS\system32\hlink.dll
2006-06-22 22:25 62 --ahs---- D:\Documents and Settings\Gert Schoonjans\Application Data\desktop.ini
2006-06-22 07:17 69120 --a------ D:\WINDOWS\system32\ciodm.dll
2006-06-22 07:17 1440768 --a------ D:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"D:\\Program Files\\Steam\\Steam.exe\" -silent"
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SweetIM"="D:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"MessengerPlus3"="\"D:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"Picasa Media Detector"="D:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"MessengerPlus3"="\"D:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SweetIM"="D:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"wgr89510"="RUNDLL32.EXE w0659412.dll,n 0048950c0000000a0659412"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00, 00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff, ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00, 00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Thu 21/09/2006 21:41:15.36
ComboFix.txt
en hier is het nieuwe logje van Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 21:46:37, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Xfire\Xfire.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Gert Schoonjans\Bureaublad\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [wgr89510] RUNDLL32.EXE w0659412.dll,n 0048950c0000000a0659412
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gert Schoonjans\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
voor wie me helpt: THNX
Gertjeeuuhh 22 September 2006, 16:46 Wil er aub iem naar kijke plz
Martijnc 22 September 2006, 17:15 Hallo,
* Ga naar start ==> Configuratiescherm ==> Software en verwijder MSN.
Ga naar deze map en verwijder hem:
C:\Program Files\MSN Messsenger
* Plaats HijackThis in een vaste map!
* Start HijackThis en klik op "Do a system scan only" en vink de volgende regels aan:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
* Sluit alle andere vensters en klik "fix checked"
* Download en installeer Ewido Anti-Spyware 4.0 (http://www.ewido.net/en/download/).
Start Ewido.
klik achter "Resident Shield" op "change state", zodat "active" verandert in "inactive".
klik achter "Automatic updates" op "change state", zodat "active" verandert in "inactive".
(Negeer de "Your computer is at risk" melding die Ewido nu geeft.)
Klik in het menu bovenaan op Update en klik op de Start Update knop. Wacht tot de updates zijn binnengehaald.
Klik in het menu bovenaan op Scanner en kies Settings.
- Klik onder "How to act?" op Recommended Actions en selecteer Quarantine (belangrijk!).
- Zorg ervoor dat onder Reports is aangevinkt: Automatically generate report after every scan.
- Zorg ervoor dat onder Reports géén vinkje staat voor: Only if threats were found.
Klik op Scan en kies Complete System Scan.
Na afloop van de scan, klik je op Apply All Actions.
Wanneer je de melding krijgt All actions have been applied, klik je onderaan op de knop Save Report. Het rapport van de scan wordt nu opgeslagen in de map Program Files\ewido anti-spyware 4.0\Reports.
Klik je daarna op de knop Save report as, dan krijg je de mogelijkheid om het rapportje op een andere plaats op te slaan. Sla het rapport op op een plaats waar je het gemakkelijk kunt terugvinden, bijv. je bureaublad.
Sluit Ewido af.
Kopieer het rapport van de scan en plaats dat hier in je volgende bericht samen met een nieuw HijackThis logje.
Gertjeeuuhh 22 September 2006, 19:17 LOGJE VAN EWIDO:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:15:49 22/09/2006
+ Scan result:
C:\_RESTORE\TEMP\BBI8033.0 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\GUU3361.0 -> Adware.Gator : Cleaned with backup (quarantined).
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\NEWDOT~1.0 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\NEWDOT~3.0 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
[312] D:\WINDOWS\system32\wgr89510.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\ac3_0010.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\Documents and Settings\Lieve De Cremer\Local Settings\Temporary Internet Files\Content.IE5\NBXHTL9U\ABoxInst_int12[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\SS1001newer.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Lieve De Cremer\Local Settings\Temporary Internet Files\Content.IE5\XUS2BHH8\WinFixer2005ScannerInst all[1].exe -> Not-A-Virus.Downloader.Win32.Agent.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\XD2WQQZU\ErrorSafeScannerInstall _nl[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Lieve De Cremer\Local Settings\Temporary Internet Files\Content.IE5\P8TXFPTF\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Lieve De Cremer\Local Settings\Temporary Internet Files\Content.IE5\QRO3XMFI\send_ocx_sof[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@microsofteup.11 2.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@66.220.17[1].txt -> TrackingCookie.66.220.17.154 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@eztracks.aavalu e[1].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ads.addynami x[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@crbanner.cas inopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@adopt.eurocl ick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@media.fastcl ick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@ehg-hitent.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ehg-autodesk.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@counter.hitslin k[2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@counter.hits link[2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@creatives.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@server.iad.live person[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@server.iad.live person[5].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@server.iad.live person[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@server.iad.l iveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@server.iad.l iveperson[5].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@lop[3].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@www.lop[1].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@images.lop[2].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@popunder.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ads.pointrol l[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ads.pointrol l[3].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@stats1.reliable stats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@stats1.reliable stats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@stats1.reliable stats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@stats1.relia blestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@stats1.relia blestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@statse.webtr endslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@statse.webtr endslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke schoonjans@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Anke Schoonjans\Cookies\anke_schoonjans@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert schoonjans@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias schoonjans@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ad.yieldmana ger[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Mathias Schoonjans\Cookies\mathias_schoonjans@ad.yieldmana ger[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Gert Schoonjans\Cookies\gert_schoonjans@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\kybrdff_e6.exe -> Trojan.VB.asu : Cleaned with backup (quarantined).
C:\dfndrff_e6.exe -> Trojan.VB.asv : Cleaned with backup (quarantined).
::Report end
Nieuwe log van Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 19:17:38, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Xfire\Xfire.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Gert Schoonjans\Local Settings\Temporary Internet Files\Content.IE5\BYC7J1WD\Install_Messenger[1].exe
D:\DOCUME~1\GERTSC~1\LOCALS~1\Temp\IXP000.TMP\boot strap.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Gert Schoonjans\Bureaublad\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [wgr89510] RUNDLL32.EXE w0659412.dll,n 0048950c0000000a0659412
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe D:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "D:\DOCUME~1\GERTSC~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gert Schoonjans\Menu Start\Programma's\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
Martijnc 22 September 2006, 20:55 * Plaats HijackThis in een vaste map!!
* Start HijackThis en klik op "Do a system scan only" en vink deze regel aan:
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe D:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "D:\DOCUME~1\GERTSC~1\LOCALS~1\Temp\IXP000.TMP\"
* Sluit alle andere vensters en klik "Fix checked"
* Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.Dubbelklik ATF-Cleaner.exe om het te starten.
Onder Main kies je: Select All
Klik de Empty Selected knop.Indien je Firefox gebruiktKlik Firefox bovenaan in het menu en vink aan: Select All
Klik de Empty Selected knop.
NOTA: Indien je je wachtwoorden wilt behouden, klik No bij de melding wat betreft passwords.Indien je Opera gebruiktKlik Opera bovenaan in het menu en kies: Select All
Klik de Empty Selected knop.
NOTA: Indien je je wachtwoorden wilt behouden, klik No bij de melding wat betreft passwords.Klik Exit om daarna het programma te beeïndigen.
* Heb je nog steeds problemen?
Gertjeeuuhh 24 September 2006, 22:02 O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe D:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "D:\DOCUME~1\GERTSC~1\LOCALS~1\Temp\IXP000.TMP\"
Srr maar die regel staat er niet bij
|
|