spybot

[ipea]

Hallo,
Ik heb spybot geinstalleerd en laten scanen.
Schrok me rot van wat er allemaal stond en weet absoluut niet wat ik moet doen.
Ik plak het scherm er hier bij.
Wie kan heAlexa Related: What's related link (Vervang bestand)
RELATED.HTM

Codename Alwin: Global settings (Register sleutel)
HKEY_LOCAL_MACHINE\Software\Nelco

CommonName: Browser helper object (Register sleutel)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}

CommonName: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{2EB3EFF2-F707-4EA8-81AA-4B65D2799F31}

CommonName: Installation log (Bestand)
cnins.txt

CommonName: Type library (Register sleutel)
HKEY_CLASSES_ROOT\TypeLib\{CC364A32-D59B-4E9C-9156-F0050C45005B}

DoubleClick: Tracking cookie or cookie of tracking site (Bestand)
inge@doubleclick[1].txt

Download Accelerator Plus ads: Ad category (Register sleutel)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSSecondMedia

Download Accelerator Plus ads: Banner (Vervang bestand)
dap.gif

Download Accelerator Plus ads: Browser helper object (Register sleutel)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

Download Accelerator Plus ads: Class (Register sleutel)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand.1

Download Accelerator Plus ads: Class (Register sleutel)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer

Download Accelerator Plus ads: Class (Register sleutel)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer.1

Download Accelerator Plus ads: Class (Register sleutel)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand

Download Accelerator Plus ads: Class (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

Download Accelerator Plus ads: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{235D7A27-DE65-49F0-BFCF-D5C3BC3B2E67}

Download Accelerator Plus ads: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08}

Download Accelerator Plus ads: Default ad category (Register-verandering.)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default

Download Accelerator Plus ads: IE extension (Register sleutel)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

Download Accelerator Plus ads: Typelib( (DAPBHO 1.0 Type Library)) (Register sleutel)
HKEY_CLASSES_ROOT\Typelib\{095006D5-6DA6-4CDC-864E-7498015816BC}

Download Accelerator Plus ads: Typelib (Register sleutel)
HKEY_CLASSES_ROOT\Typelib\{79516451-3E3E-453a-8968-37942F7979F3}

Download Accelerator Plus ads: Typelib (Register sleutel)
HKEY_CLASSES_ROOT\Typelib\{72920511-E300-44c1-8565-2FD66D7A7246}

Download Accelerator Plus: Default ad server (Register-verandering.)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultServer=http://127.0.0.1

eAcceleration: Class (Register sleutel)
HKEY_CLASSES_ROOT\Webcelerator.WebcBrowserHelper

eAcceleration: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}

eAcceleration: Common files (Directory)
C:\Program Files\Common Files\eAcceleration

eAcceleration: Global settings (Register sleutel)
HKEY_LOCAL_MACHINE\Software\eAnthology

eAcceleration: Interface (Register sleutel)
HKEY_CLASSES_ROOT\Interface\{E6A8EE26-1FAD-431C-99D6-8DBA1E25CD72}

eAcceleration: Interface (Register sleutel)
HKEY_CLASSES_ROOT\Interface\{D951B1F4-7399-426A-A925-D2C41FCF2002}

eAcceleration: Interface (Register sleutel)
HKEY_CLASSES_ROOT\Interface\{BB80B457-F3F6-4992-A0C3-A128D58C7FB2}

eAcceleration: Program directory (Directory)
C:\Program Files\Acceleration Software

eAcceleration: Type library (Register sleutel)
HKEY_CLASSES_ROOT\TypeLib\{963DD0FF-4836-4DE4-9590-D7EFE8F62F8D}

eAcceleration: Type library (Register sleutel)
HKEY_CLASSES_ROOT\TypeLib\{3E072AB7-3CDA-4536-8AFD-56B0FE6846B4}

eAcceleration: Version setting (Register sleutel)
HKEY_CLASSES_ROOT\Defender.ScanGUi

eAcceleration: Version setting (Register sleutel)
HKEY_CLASSES_ROOT\Defender.ScanCore

Internet Explorer: Data source object exploit (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3

MiniBug: User ad settings (Register sleutel)
HKEY_CURRENT_USER\Software\AWS\MiniBug

MS Media Player: Client ID (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID=

n-Case: User settings (Register sleutel)
HKEY_CURRENT_USER\Software\180solutions

New.net: Library (Bestand)
newdotnet3_36-1.dll

New.net: Library (Bestand)
newdotnet3_36.dll

New.net: Program directory (Directory)
C:\Program Files\NewDotNet

New.net: Uninstaller (Bestand)
NDNuninstall4_50.exe

Tintel: Global settings (Register sleutel)
HKEY_CLASSES_ROOT\TinTel

Tintel: Mime data (Register sleutel)
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-tcw

VLoading: Interface (Register sleutel)
HKEY_CLASSES_ROOT\Interface\{0D639E64-5C31-4313-B62A-1B4D99E2F284}

VX2/e: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}

WebDialer: Executable (Bestand)
5-2-109-46.exe

WildTangent: Global settings (Register sleutel)
HKEY_LOCAL_MACHINE\Software\WildTangent

Adobe Acrobat Reader 4: Recent file #1 (Register-verandering.)
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile1=

Adobe Acrobat Reader 4: Recent file #2 (Register-verandering.)
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile2=

Adobe Acrobat Reader 4: Recent file #3 (Register-verandering.)
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile3=

Adobe Acrobat Reader 4: Recent file #4 (Register-verandering.)
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile4=

Ahead Nero Burning Rom: Browser directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir=

Ahead Nero Burning Rom: Working directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir=

Ahead Nero Cover Designer: Recent file list( (2 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\ahead\Cover Designer\Recent File List

Internet Explorer: AutoComplete data( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Internet Explorer: Cookies( (10 cookies)) (Directory)
C:\WINDOWS\Cookies

Internet Explorer: Download directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=

Internet Explorer: Temporary internet files( (459 entries)) (Leeg cache)

Internet Explorer: URL history #1( (9 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: User agent (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Activity: OEWABLog.txt (Backup bestand)
C:\WINDOWS\OEWABLog.txt

Log: IE: brndlog.txt (Backup bestand)
C:\WINDOWS\brndlog.txt

Log: Install: Active Setup Log.txt (Backup bestand)
C:\WINDOWS\Active Setup Log.txt

Log: Install: Directx.log (Backup bestand)
C:\WINDOWS\Directx.log

Log: Install: wmsetup.log (Backup bestand)
C:\WINDOWS\wmsetup.log

MS Direct3D: Most recent application (Register-verandering.)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

MS DirectDraw: Most recent application (Register-verandering.)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

MS DirectInput: Most recent application (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication\Name=

MS DirectInput: Most recent application ID (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication\Id=

MS Frontpage: Recent file list( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List

MS Frontpage: Recent page list( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List

MS Frontpage: Recent web list( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List

MS Imaging: Recent file list( (2 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Kodak\Imaging\Recent File List

MS Media Player: Application data file( ()) (Bestand)
Microsoft\Media Player\ActivePlaylist.dat

MS Media Player: Recent file list( (9 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Recent open directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir=

MS Media Player: Recent URL list( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentURLList

MS Office 9.0 (PowerPoint): Recent file list( (3 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

MS Office 9.0 (PowerPoint): Recent folder list( (1 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\PowerPoint\RecentFolderList

MS Office 9.0 (Start Assistant): Last new file (Register-verandering.)
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Osa\FileNew\Place=

MS Office 9.0: Access recent file( (23 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Access\Settings

MS Office 9.0: Internet history (Register-waarden.)
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents

MS Office 9.0: Recently used files( (59 files)) (Directory)
C:\WINDOWS\Application Data\Microsoft\Office\Recent\

MS Paint: Recent file list( (4 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: Recent file list( (3 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows Explorer: Document search history( (11 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

Windows Explorer: Program run history( (2 entries)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Recently opened files( (15 links)) (Directory)
C:\WINDOWS\Recent

Windows Explorer: Stream history( (201 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files( (3 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE( (93 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows: Install locations( (6 files)) (Register sleutel)
HKEY_CURRENT_USER\InstallLocationsMRU

WinZip: Add files directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\gzAddDir=

WinZip: Default directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\zDefDir=

WinZip: Default directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\DefDir=

WinZip: Destination directory (Register-verandering.)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\directories\gzExtractTo=

WinZip: Number of times run (Register-verandering.)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\rrs\Opened=

WinZip: Recent created file list( (15 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\filemenu


--- Spybot-S&D version: 1.1 rel 4 ---
2003-01-08 Includes\plugin-ignore.ini
2003-01-08 Includes\Cookies.sbi
2003-01-08 Includes\Dialer.sbi
2003-01-08 Includes\Hijackers.sbi
2003-01-08 Includes\Keyloggers.sbi
2003-01-08 Includes\Malware.sbi
2003-01-08 Includes\Security.sbi
2003-01-08 Includes\Spybots.sbi
2003-01-08 Includes\Tracks.uti
2003-01-08 Includes\Trojans.sbilpen???

 

[Pieter Arntz]

Hoi ipea,

Mooie verzameling heb je daar.

Newdotnet: even kijken in Configuratiescherm > Software of je het daar kunt vinden (New.dot of Newdotnet). Zoja verwijderen.

eAcceleration komt mee met software van eAnthology, meestal StopSign. Ook indien mogelijk eerst in Configuratiescherm > Software verwijderen.

CommonName Toolbar: zelfde verhaal, spyware van de ergste soort

DAP: blijft het meestal gewoon doen als je de spyware eruit verwijderd hebt.

Alexa: kan geen kwaad als het de related pages sleutel betreft, maar voor de zekerheid door Spybot S&D laten repareren. Die functie wordt dan door Google overgenomen.

Deze kunnen gewoon weg:

Tintel: Global settings (Register sleutel)
HKEY_CLASSES_ROOT\TinTel

Tintel: Mime data (Register sleutel)
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-tcw

VLoading: Interface (Register sleutel)
HKEY_CLASSES_ROOT\Interface\{0D639E64-5C31-4313-B62A-1B4D99E2F284}

VX2/e: Class ID (Register sleutel)
HKEY_CLASSES_ROOT\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}

WebDialer: Executable (Bestand)
5-2-109-46.exe

WildTangent: Global settings (Register sleutel)
HKEY_LOCAL_MACHINE\Software\WildTangent

Allemaal troep.

Dus kort samengevat: Verwijder indien mogelijk newdotnet, stopsign en commonname eerst via Configuratiescherm > software.
Draai dan Spybot S&D nog een keer en verwijder alles dat in het rood wordt aangegeven, zonder dat je IE vensters open hebt.
De groene en zwarte kun je gewoon laten staan, dit zijn onnodige dingen en gebruikerssporen en kunnen geen kwaad.

Groetjes,

Pieter

 

[ipea]

hatstikke bedankt Pieter
Ik heb gedaan wat je zei en het lijkt me nu oke.
Alle rode zijn weg er staan alleen nog groene en Spybot zei gefeliciteerd, niets gevonden

 

[Pieter Arntz]

Opgeruimd staat netjes. :thumb: