trojaanse paarden

[miker]

HELP !!!

gisteren stak ik de pc aan , en blijkt dat alles weg is van mijn bureaublad...

enkel internet , mijn documenten en deze computer staat er nog..

als ik op mijn documenten klik, zie ik helemaal niks meer !! al ons foto's zijn weg en ons muziek en etc.

mijn avg geeft trojaanse paarden aan, heb dit uit de quarantaine verwijderd, maar mijn vraag is nu, WAT MOET IK DOEN ZODAT IK ALLES TERUG HEB? en zijn die trojaanse paarden nu ook werkelijk weg of niet?

ik ken echter niks van pc dus hopelijk krijg ik hier antwoord op men vragen...

grtzzzzzzzzz

[Dasle]

Download HijackThis.

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

[miker]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:53:54, on 5/06/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys\WUSB54GC\WifiSvc.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbrmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Aanmelden | Facebook

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

R3 - URLSearchHook: (no name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Toolbar BHO - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Assistant BHO - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Radio Bar 2 - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: &Security Update - {C73FD00D-A099-405C-92B4-8997710D187D} - C:\WINDOWS\system32\win32extension.dll (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: SmileyCentral - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [isdgerxqc] c:\windows\system32\isdgerxqc.exe isdgerxqc

O4 - HKLM\..\Run: [WA6PM_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe"

O4 - HKLM\..\Run: [base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\hide readme.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TSTrayIcon] C:\Documents and Settings\Mike.NOA\Application Data\FaceBookStyleIE\TSTrayIcon.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [smileyCentralIE_1w Browser Plugin Loader] C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbrmon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike.NOA.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [TorrentEasy] "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRxdm181YYBE&si=&a=lfqiHXVOTb5DFTG5FwGbsw&n=2010032509

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alimarginali.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161381792218

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.gfoto.com/ImageUploader3.cab

O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.be/ExtraFilmUploader6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SmileyCentral Service (SmileyCentralIE_1wService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbarsvc.exe

O23 - Service: WUSB54GC - Unknown owner - C:\Program Files\Linksys\WUSB54GC\WifiSvc.exe

--

End of file - 15775 bytes

[Dasle]

Als een expert (kape of kweezie wabbit) online komt zal deze je logje analyseren en je verdere instructies geven.

[miker]

thx... hopelijk lukt het...

[kape]

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop MyWebSearchService

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete MyWebSearchService

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

R3 - URLSearchHook: (no name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Toolbar BHO - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Assistant BHO - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

O2 - BHO: Radio Bar 2 - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

O2 - BHO: &Security Update - {C73FD00D-A099-405C-92B4-8997710D187D} - C:\WINDOWS\system32\win32extension.dll (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Radio Bar 2 Toolbar - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\prxtbRad2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: SmileyCentral - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll

O4 - HKLM\..\Run: [isdgerxqc] c:\windows\system32\isdgerxqc.exe isdgerxqc

O4 - HKLM\..\Run: [WA6PM_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe"

O4 - HKLM\..\Run: [base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\hide readme.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [smileyCentralIE_1w Browser Plugin Loader] C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbrmon.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...w&n=2010032509

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.3.cab

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Verwijder Ask Toolbar of Ask.com via Configuratiescherm -> Software (indien aanwezig) of verwijder anders volgende vetgedrukte map : C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[miker]

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Databaseversie: 6784

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/06/2011 13:19:11

mbam-log-2011-06-06 (13-19-11).txt

Scantype: Snelle scan

Objecten gescand: 243500

Verstreken tijd: 1 uur/uren, 13 minuut/minuten, 17 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 144

Registerwaarden geïnfecteerd: 5

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 25

Bestanden geïnfecteerd: 170

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C73FD00D-A099-405C-92B4-8997710D187D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntiVirus) -> Value: BootStera -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

c:\documents and settings\mike.noa.000\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\application data\funwebproducts\Data\Mike (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\program files\mywebsearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Delete on reboot.

c:\documents and settings\all users\application data\18865956.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\uaaihfwfhq.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

c:\documents and settings\myriam.NOA\local settings\Temp\jar_cache6083666354466044748.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\myriam.NOA\local settings\Temp\jar_cache6408817612017003821.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\local settings\temporary internet files\content.ie5\bxkuf7wn\29183[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\local settings\temporary internet files\content.ie5\tw5bpark\398586_large[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\local settings\temporary internet files\content.ie5\tw5bpark\51210[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\registrysmart scheduled scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

c:\documents and settings\mike.noa.000\application data\funwebproducts\Data\Mike\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\cursormaniabtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\webfettibtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\webfettibtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\000BD386.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D3FCD (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D4D4A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D5122.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D56A0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D5C6D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D60D2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D6566.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002D68B1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\002F554F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0037F7E1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0045D5BF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0047A1F3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0078FDF0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0079011C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0079039D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\007FF236 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00F3C4C9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00F3D3EC (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\011AA675.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01935367.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDAFB8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB110.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB238.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB352.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB47B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB5B3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB6CC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB805.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDB92E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDBA37.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01DDBB41.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01E8B04F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01E8B967.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01E8BA90.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\000F69DC (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0079065C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\01E8BB8A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

---------- Post toegevoegd om 13:43 ---------- Vorige post was om 13:32 ----------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:42:05, on 6/06/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys\WUSB54GC\WifiSvc.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Aanmelden | Facebook

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TSTrayIcon] C:\Documents and Settings\Mike.NOA\Application Data\FaceBookStyleIE\TSTrayIcon.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike.NOA.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [TorrentEasy] "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alimarginali.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161381792218

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.gfoto.com/ImageUploader3.cab

O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.be/ExtraFilmUploader6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SmileyCentral Service (SmileyCentralIE_1wService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbarsvc.exe

O23 - Service: WUSB54GC - Unknown owner - C:\Program Files\Linksys\WUSB54GC\WifiSvc.exe

--

End of file - 12142 bytes

voila hopelijk heb ik het allemaal goed gedaan, voor een beginner als ik , toch niet zo gemakelijk

6 juni 2011 aangepast door kape
dubbellog verwijderd

[kape]

Malwarebytes heeft een berg rotzooi van de PC gehaald en logje HijackThis ziet er nu prima uit. Hoe staat het met de Trojaanse paardjes en de andere problemen ?

[miker]

ok bedankt, avg geeft voorlopig niks meer aan van trojaanse paarden

juist jammer dat ik alles wel kwijt ben van foto's en etc....

daar toevallig geen oplossing voor?

[kweezie wabbit]

Misschien wel

Download SystemLook via een van onderstaande links en bewaar het op je bureaublad.

SystemLook #1

SystemLook #2

Heb je een 64 bits windows, neem dan SystemLook #3

Dubbelklik op SystemLook.exe om het programma te starten.

Gebruikers van Vista en Win7: Rechts klikken en kiezen voor uitvoeren als administrator.

Kopieer onderstaande vet gedrukte tekst en plak deze in het geopende venster

:dir

%Temp%\smtmp /s

Klik op de knop Look om de scan te starten.

Als de scan gedaan is, opent zich een kladblok met het resultaat van de scan.

Kopieer het resultaat en plak het in een volgend bericht.

Het logje is ook terug te vinden op je bureaublad als SystemLook.txt.