
Anna123

Member
  • Items

    8
  • Registration date

  • Last visited

Anna123's achievements

  1. Thanks again for the info. For now I have reinstalled Microsoft Essentials, because of the firewall. I have also read the other points and will try to take them into account when using the PC.
  2. Absolutely great, everything is working properly again. What a good forum, really fantastic. A quick question: which program is best to use to prevent this situation from happening again? I know there are many, and at the moment I am using the free version of Avira. But after scanning, it could not find the malware either. Just like Avast and Microsoft Essentials. And the latter did not stop it either.
  3. And here is the log from HitmanPro

     HitmanPro 3.7.6.201
     www.hitmanpro.com

     Computer name . . . . : ANNA-PC
     Windows . . . . . . . : 6.1.1.7601.X64/8
     User name . . . . . . : Anna-PC\Anna
     UAC . . . . . . . . . : Disabled
     License . . . . . . . : Trial (30 days left)

     Scan date . . . . . . : 2013-07-24 11:39:52
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 6m 9s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : Yes

     Threats . . . . . . . : 12
     Traces . . . . . . . : 804

     Objects scanned . . . : 1.327.041
     Files scanned . . . . : 17.898
     Remnants scanned . . : 357.127 files / 952.016 keys

     Malware _____________________________________________________________________

     C:\Windows\SysWOW64\msfeedsl.dll -> Quarantined
        Size . . . . . . . : 235.008 bytes
        Age . . . . . . . : 19.8 days (2013-07-04 16:00:27)
        Entropy . . . . . : 6.6
        SHA-256 . . . . . : A12442300232E18E2E49EE22CB13041B4CFA8DDFD173D868E8B694169C1207E6
      > Ikarus . . . . . . : Trojan.Win32.Pirminay!IK
        Fuzzy . . . . . . : 116.0
        Startup
           C:\Windows\Tasks\tqkrz.job
        Forensic Cluster
           0.0s C:\Windows\SysWOW64\msfeedsl.dll
           0.1s C:\Windows\Tasks\tqkrz.job
           0.2s C:\Windows\System32\Tasks\tqkrz
  4. And here is the log from step 3. Thanks a lot in advance for the help!

     Zoek.exe Version 4.0.0.4 Updated 21-07-2013
     Tool run by Anna on di 23-07-2013 at 22:43:06,36.
     Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Anna\Downloads\zoek(1).exe
     [script inserted]

     ==== System Restore Info ======================

     23-7-2013 22:44:50 Zoek.exe System Restore Point Created Succesfully.

     ==== Deleting CLSID Registry Keys ======================

     HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
     HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

     ==== Deleting CLSID Registry Values ======================

     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

     ==== Running Processes ======================

     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
     C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
     C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\Program Files (x86)\MailWasher\MailWasher.exe
     C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
     C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
     C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
     C:\Users\Anna\Downloads\zoek.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\SysWOW64\cmd.exe

     ==== Deleting Services ======================

     ==== FireFox Fix ======================

     ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default
     user.js not found
     ---- Lines ask.com removed from prefs.js ----
     ---- Lines ask.com modified from prefs.js ----
     user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372849176110,\"rdfTime\":1372849175960}}},{\"name\":\"app-profile\",\"addons\":{\"DeviceDetection@logitech.com\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\DeviceDetection@logitech.com\",\"mtime\":1337421789134,\"rdfTime\":1326822666000},\"toolbar_AVIRA-V7@apn.ask.com\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\toolbar_AVIRA-V7@apn.ask.com.xpi\",\"mtime\":1372804929061},\"{64161300-e22b-11db-8314-0800200c9a66}\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\{64161300-e22b-11db-8314-0800200c9a66}.xpi\",\"mtime\":1370509965016}}}]");
     ---- FireFox user.js and prefs.js backups ----
     prefs_23-07-2013_2246_.backup

     ==== Deleting Files \ Folders ======================

     "C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi" deleted
     "C:\Users\Anna\Downloads\SoftonicDownloader_voor_google-earth.exe" deleted
     "C:\Users\Anna\Downloads\SoftonicDownloader_voor_irfanview(1).exe" deleted
     "C:\Users\Anna\Downloads\SoftonicDownloader_voor_irfanview.exe" deleted
     "C:\Windows\Syswow64\SETD8A6.tmp" deleted

     ==== System Specs ======================

     Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
     Memory (RAM): 8174 MB
     CPU Info: Intel® Core i7-2600K CPU @ 3.40GHz
     CPU Speed: 3497,3 MHz
     Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Realtek Digital Output(Optical) |
     Display Adapters: NVIDIA GeForce GT 440 | NVIDIA GeForce GT 440 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
     Monitors: 1x; Algemeen PnP-beeldscherm |
     Screen Resolution: 1280 X 1024 - 32 bit
     Network: Network Present
     Network Adapters: Realtek PCIe GBE Family Controller
     CD / DVD Drives: 1x (G: | ) G: Optiarc DVD RW AD-5260S
     Ports: COM1 LPT1
     Mouse: 4 Button Wheel Mouse Present
     Hard Disks: C: 130,9GB | D: 465,8GB | E: 100,0MB | F: 102,0GB | H: 55,8GB
     Hard Disks - Free: C: 85,7GB | D: 376,1GB | E: 70,4MB | F: 23,4GB | H: 22,7GB
     Manufacturer *: American Megatrends Inc.
     BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009
     Time Zone: West-Europa (standaardtijd)
     Motherboard *: ASUSTeK Computer INC. P8P67-M
     Internet Explorer Version: 10.0.9200.16635
     Sun Java version: No Java Installed?
     Country: Nederland
     Language: NLD

     ==== Startup Registry Enabled ======================

     [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

     [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

     [HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Run]
     "Advanced SystemCare 4"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
     "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
     "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
     "com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"

     [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "mctadmin"="C:\Windows\System32\mctadmin.exe"

     [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "mctadmin"="C:\Windows\System32\mctadmin.exe"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe"
     "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "Advanced SystemCare 4"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
     "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
     "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
     "com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"

     ==== Startup Registry Enabled x64 ======================

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

     ==== Startup Registry Disabled x64 ======================

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
     "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
     "item"="Skype"
     "hkey"="HKCU"
     "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

     ==== Startup Folders ======================

     2011-09-25 20:36:09 1010 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
     2013-05-20 07:47:03 985 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk
     2013-06-12 18:16:18 1458 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk

     ==== Task Scheduler Jobs ======================

     C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-07-2013 23:07]
     C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-04-2012 10:44]
     C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-04-2012 10:44]
     C:\Windows\tasks\tqkrz.job --a------ C:6C:\Windows\system32\rundll32C:\Windows\SysWOW64\msfeedsl.dll []

     ==== Firefox Extensions ======================

     ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default
     - Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com
     - Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi

     ==== Firefox Plugins ======================

     Profilepath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default
     0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
     15D2058BEB13C1805C00F6AC9B812A0D - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll - Logitech Device Detection

     ==== Chrome Look ======================

     HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
     aaaaacalgebmfelllfiaoknifldpngjh - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx[]

     ==== Set IE to Default ======================

     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://google.nl/"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     No DefaultScope Set For HKCU

     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://google.nl/"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

     ==== All HKCU SearchScopes ======================

     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
     {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
     {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
     {9883F870-BEE1-4049-AC9D-46D7CD1B6D38} Yahoo//nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}"

     ==== Deleting Registry Keys ======================

     HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh deleted successfully

     ==== HijackThis Entries ======================

     F2 - REG:system.ini: UserInit=userinit.exe
     O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
     O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
     O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O4 - Startup: Dropbox.lnk = C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe
     O4 - Startup: MailWasher.lnk = C:\Program Files (x86)\MailWasher\MailWasher.exe
     O4 - Startup: Windows Live Mail.lnk = C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
     O8 - Extra context
menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe 
(file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Anna\AppData\Local\Mozilla\Firefox\Profiles\m1z2n0dk.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Anna\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 23-07-2013 at 22:52:31,45 ======================
  5. Here is the log from part 2
  6. Here it is then, I'm curious:
  7. Thanks! I will do this soon and post the result here.
  8. At least, I suspect that there is a virus or something like it on my computer, although various antivirus programs find nothing. The situation is as follows: when I click on a paid link at the top of Google, the link I expect does not appear but a completely different one. For example, if I click on Fietskarretje.nl (at the top, that is, in the pink area in Google), it takes a while and then a random link appears, such as tekopenzakken.com. And after clicking a second time, reistvandaag.com appears, with trips to Malaysia. This is not so bad by comparison, because before this other links in Google did not work either; now it is only the paid ones. Incidentally, I had not been able to open Microsoft Essentials for some time. That is, the program did appear for a few seconds, but was then closed immediately. So I removed it and installed a different antivirus program (Avira). Rather strange, it seems to me, because it always worked well. Does anyone recognize this?