[OPGELOST] A360 antivirus

[ldv]

Hallo

kan iemand mij helpen om het antivirus A360 te verwijderen.

heb windows xp

dank

[Yannick]

Hijackthis logje maken

• Download Trend Micro Hijack This
  Dubbelklik op HJTInstall.exe
  Hijackthis wordt nu op je PC geïnstalleerd, een snel koppeling wordt op je bureaublad geplaatst
  

• HijackThis zal openen na het installeren.
  Klik op "Do a systemscan and save a logfile".
  Er opent een Kladblok venster, houd gelijkt tijdig de CTRL en A toets ingedrukt, nu is alles geselecteerd.
  Houd gelijkt tijdig de CTRL en C toets ingedrukt, nu is alles gekopieerd.
  Plak nu het HJT logje in je bericht door CTRL-V
  NB. gebruikers met Windows Vista zullen eerst moeten rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".
  

[ldv]

bedankt voor de snelle reactie

krijg ook nog een melding

Spyware.Monster.FX_WILD_0x00000000

hopelijk heb je hieraan genoeg

dank

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:34:38, on 17/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\PROGRA~1\MICROS~2\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\A360\av360.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com

O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com

O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com

O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com

O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com

O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com

O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com

O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com

O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com

O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com

O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com

O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com

O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com

O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [78F21812B7C4A4E160D789F0CE3F91F2] C:\Program Files\A360\av360.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader5.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230231683732&h=f99bcde82bf4400519131f12972a3ad1/&filename=jinstall-6u11-windows-i586-jc.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - (no file)

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

End of file - 9408 bytes

[kape]

Download HostsXpert

Unzip het programma naar je Bureaublad.

Open de map en dubbelklik op Hoster.exe

Klik op "Restore Microsofts Original Hosts File"

Klik op "OK" en sluit het programma.

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com

O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com

O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com

O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com

O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com

O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com

O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com

O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com

O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com

O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com

O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com

O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com

O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com

O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll

O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll

O4 - HKCU\..\Run: [78F21812B7C4A4E160D789F0CE3F91F2] C:\Program Files\A360\av360.exe

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgende vetgedrukte map met Windows Verkenner :

C:\Program Files\A360

Open kladblok en plak volgende vetgedrukte tekst in een leeg venster:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"="avgrsstx.dll"

Sla dit op, op je Bureaublad als regfix.reg, met als type "alle bestanden"

Dubbelklik op regfix.reg en sta het toevoegen aan het register toe.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)

De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.

Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[ldv]

hallo

hier inhoud van logje

Malwarebytes' Anti-Malware 1.34

Database versie: 1861

Windows 5.1.2600 Service Pack 2

18/03/2009 8:09:00

mbam-log-2009-03-18 (08-09-00).txt

Scan type: Snelle Scan

Objecten gescand: 68493

Verstreken tijd: 3 minute(s), 56 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 118

Registerwaarden geïnfecteerd: 9

Registerdata bestanden geïnfecteerd: 3

Mappen geïnfecteerd: 20

Bestanden geïnfecteerd: 34

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\ask.enginelistener (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ask.enginelistener.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ask.scanner (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ask.scanner.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ask.threatcollection (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ask.threatcollection.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.backup (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.log (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.log.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.logrecord (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.paths (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.quarantine (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.runas (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.searchitem (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.threat (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{016998bb-c153-4bc9-8ea0-d8ebab843641} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0dd85655-0f86-476f-b98d-685a494e13e1} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{103d373c-b541-4cfc-a351-199bb835054b} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{161b9340-9521-4b6c-8425-4c6d0e06840b} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1d33825d-31d6-4064-920c-af1a11acf5d9} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1d436319-1b6f-4116-a2ae-479b5e5f58f7} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{23202b12-d1f9-41ef-b684-e0e0c025c5e4} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{323c5941-67cb-4215-bcef-c58de0e54479} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3c8d07ad-db5c-444b-984e-6b619e3f90e0} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{45d03f8a-f83c-49a7-b2fb-11635e281d6c} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{51620c40-113c-4ee0-8dc7-4bc5b68b527e} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5a2752c0-0980-4c22-b47c-117692e62c1b} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{684bbf81-9d4f-4109-8a93-a948bf3fa5c3} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{697dc0be-31e5-4d74-8dd4-fb3fcc9e0a23} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{778c6547-2567-4177-ba41-63e420843e29} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7b79f338-0a8d-44af-a809-4e34b47e0bf8} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7c2c8704-e511-4154-98a2-2d30ccd6a501} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7d9745a5-5c08-441c-b809-264bba43cb19} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{934c87ea-8fb9-4fa0-8241-65c31fdfe368} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a3c744fa-9a23-4ac2-b167-658458764982} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b262c1c4-7b74-4c54-927b-1909110f1aad} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b68de76d-f354-4a0d-96de-b3c4726b0874} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b7285652-9e70-4e49-9a4b-5829ff1e2b0c} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c29d7379-4f31-4b46-971f-7c94b15c709e} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c966ede6-c91b-477e-801d-92d917361337} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cce1768a-3fff-49c4-8c48-2daed860d118} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6031ace-434e-49bf-9f30-c5e9c8f16132} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e2cb4866-da3d-4158-af12-e296fb8de109} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e85fff2f-d5c5-43df-85e8-2258857f596c} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e9b4ddb2-a1db-49c1-a1d3-05cc43b12e10} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f5a53e0b-1a3b-4f31-bb00-0adff132f47e} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fd849917-2cc9-4e7a-a7bf-6e825315a749} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5D4348FB-DF43-0334-69B8-DAD6CA156781} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{310d53a0-f736-4a2f-858e-860cfd30ad61} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3ec8e606-d9b3-4f96-b59d-9bd6ee759846} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{788f2351-b5ed-4dc2-88c3-5ae0aa81c537} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{805566b6-754f-4fac-8b1d-68e0db3a4558} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{99a01fb5-d73c-47da-bac2-5952b4387100} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a70fcdd6-d563-4bab-abbf-b8d93b64c815} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c712933c-36ad-48ac-b866-61b4fea83559} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dbf8ffd6-e75a-48d8-9be3-08724b848002} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dfb5633d-510e-46b2-8711-5f4697b8e69e} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e8fb9c05-26c0-4032-b906-9f5ee172e94e} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f20ea7ae-99f3-4723-bd78-7910eb00f086} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fc7cfd2a-d27d-4eb1-9435-42e76072434a} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c0f15c0a-742d-49c4-8d36-be8d204e3f65} (Rogue.MalwareCore) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{4946cbc5-dc18-4c7a-bc4d-299203c80602} (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{860b20f5-12c2-44ee-befe-7cd167a7a98e} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\AntiSpyKit.EXE (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MalwareWipe.EXE (Rogue.MalwareWiped) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

C:\Program Files\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\Logs (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.

C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1275210071-1343024091-725345543-1003\Dc3.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\asc4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\bpw.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\config.ini (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\kernel40.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\mm.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\OE.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\OE4.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\pl.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\stopapi4.dll (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\TheBAT.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\UnARJ.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\UnMSCAB.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\unrar.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\unzip.api (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Program Files\VirusRanger\updater.plb (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\DbgHelp.Dll (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_03312008-193514.html (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_03312008-194225.html (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_04012008-113233.html (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_04012008-114240.html (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.

C:\Program Files\VirusHeat 4.3\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\RegistrySmart\Registry Backups\2008-03-10_20-12-54.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

en hier de nieuwe HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:13:35, on 18/03/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\PROGRA~1\MICROS~2\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader5.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230231683732&h=f99bcde82bf4400519131f12972a3ad1/&filename=jinstall-6u11-windows-i586-jc.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--

End of file - 7833 bytes

[kape]

Dit heeft behoorlijk wat "rommel" opgeruimd. Heb je nog merkbare problemen op deze PC ?

[ldv]

Op dit moment zie ik geen moeilijkheden meer

Bedankt voor de fantastische hulp en hopelijk blijft alles nu ok

(als je tips hebt om mijn pc beter te beschermen laat het gerust weten)

bedankt voor alles

[kape]

(als je tips hebt om mijn pc beter te beschermen laat het gerust weten)

Tja, ik zie nergens een actief antivirus- en antispywareprogramma. Dat is wel internetten met de poort open, natuurlijk. Of vergis ik me ?