
Qvo6 virus



2 log files dated 06/04 from Malwarebytes

Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100

Malwarebytes : Free anti-malware download

Databaseversie: v2013.04.06.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lies :: LIES-PC [administrator]

Bescherming: Ingeschakeld

6/04/2013 10:11:21

mbam-log-2013-04-06 (10-11-21).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 210114

Verstreken tijd: 5 minuut/minuten, 24 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\Windows\System32\user32.dat (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Windows\SysWOW64\user32.dat (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

2013/04/06 09:11:57 +0200 LIES-PC Lies MESSAGE Executing scheduled update: Daily

2013/04/06 09:11:58 +0200 LIES-PC Lies ERROR Scheduled update failed: No address found failed with error code 0

2013/04/06 09:12:03 +0200 LIES-PC Lies MESSAGE Starting protection

2013/04/06 09:12:03 +0200 LIES-PC Lies MESSAGE Protection started successfully

2013/04/06 09:12:03 +0200 LIES-PC Lies MESSAGE Starting IP protection

2013/04/06 09:12:32 +0200 LIES-PC Lies MESSAGE IP Protection started successfully

2013/04/06 10:07:27 +0200 LIES-PC Lies MESSAGE Starting protection

2013/04/06 10:07:27 +0200 LIES-PC Lies MESSAGE Protection started successfully

2013/04/06 10:07:27 +0200 LIES-PC Lies MESSAGE Starting IP protection

2013/04/06 10:07:59 +0200 LIES-PC Lies MESSAGE IP Protection started successfully

2013/04/06 10:10:53 +0200 LIES-PC Lies MESSAGE Starting database refresh

2013/04/06 10:10:53 +0200 LIES-PC Lies MESSAGE Stopping IP protection

2013/04/06 10:10:55 +0200 LIES-PC Lies MESSAGE IP Protection stopped successfully

2013/04/06 10:10:59 +0200 LIES-PC Lies MESSAGE Database refreshed successfully

2013/04/06 10:10:59 +0200 LIES-PC Lies MESSAGE Starting IP protection

2013/04/06 10:11:19 +0200 LIES-PC Lies MESSAGE IP Protection started successfully

2013/04/06 10:31:04 +0200 LIES-PC Lies MESSAGE Starting protection

2013/04/06 10:31:04 +0200 LIES-PC Lies MESSAGE Protection started successfully

2013/04/06 10:31:04 +0200 LIES-PC Lies MESSAGE Starting IP protection

2013/04/06 10:31:44 +0200 LIES-PC Lies MESSAGE IP Protection started successfully

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:36:44, on 6/04/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16470)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Lies\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Moborobo Device Service (MoboroboDeviceService) - Unknown owner - C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8932 bytes

(Qvo6 still opens as the start page)


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
startupall; 
filesrcm; 

  • Click the "Options" button and tick the options below.

    • Firefox Look
    • Chrome Look
    • Firefox Defaults
    • Reset Chrome
    • Empty Temp Folders
    • Shortcut Fix
    • IE Defaults
    • Auto Clean

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart, if one is required).

  • If no log appears after the restart, start zoek.exe again; the log will then appear.

  • Now post the contents of the opened log in your next message.


Zoek.exe Version 4.0.0.2 Updated 05-April-2013

Tool run by Lies on za 06/04/2013 at 15:47:59,29.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

Deleted from C:\Users\Lies\AppData\Roaming\Mozilla\Firefox\Profiles\r87s9fc7.default\prefs.js:

user_pref("browser.startup.homepage", "www.google.be");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("browser.search.defaulturl", "");

user_pref("browser.search.defaultenginename", "qvo6");

user_pref("browser.search.defaultenginename,S", "");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("browser.search.selectedEngine", "");

user_pref("browser.search.selectedEngine,S", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("browser.search.order.1", "qvo6");

user_pref("browser.search.order.1,S", "");

user_pref("keyword.URL", "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=bcd4939b000000000000002622631fb9&q=");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Lies\AppData\Roaming\Mozilla\Firefox\Profiles\r87s9fc7.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Lies\AppData\Roaming\Mozilla\Firefox\Profiles\r87s9fc7.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");

user_pref("extensions.BabylonToolbar_i.hardId", "bcd4939b000000000000002622631fb9");

user_pref("extensions.BabylonToolbar_i.id", "bcd4939b000000000000002622631fb9");

user_pref("extensions.BabylonToolbar_i.instlDay", "15466");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=109986&babsrc=NT_ss&mntrId=bcd4939b000000000000002622631fb9");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:07:37");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.id", "bcd4939b000000000000002622631fb9");

user_pref("extensions.BabylonToolbar_i.hardId", "bcd4939b000000000000002622631fb9");

user_pref("extensions.BabylonToolbar_i.instlDay", "15466");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:07:37");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- Lines qvo6 removed from prefs.js ----

---- Lines qvo6 modified from prefs.js ----

---- Lines WebSearch removed from prefs.js ----

user_pref("extensions.toolbar.mindspark._5mMembers_.homepage", "http://home.mywebsearch.com/index.jhtml?ptb=0E3AAE7C-1A36-4663-9CDA-C867FBF0416F&n=77eda26c&ptnrS=ZUxpt175YYbe&si=CLaonNzM5LACFUYntAodxze8yQ");

---- Lines WebSearch modified from prefs.js ----

---- Lines search.com removed from prefs.js ----

---- Lines search.com modified from prefs.js ----

---- Lines SweetIM removed from prefs.js ----

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

---- Lines SweetIM modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

user_20130604_1552_.backup

prefs_20130604_1552_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\System32\roboot64.exe deleted successfully

==== Deleting Files \ Folders ======================

"C:\Windows\SysNative\roboot64.exe" not found

"C:\user.js" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted

"C:\user.js" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml" deleted

"C:\Program Files (x86)\BrowseToSave" deleted

"C:\Users\Lies\AppData\Roaming\eIntaller" deleted

"C:\Users\Lies\AppData\Roaming\Babylon" deleted

"C:\Users\Lies\AppData\Roaming\YoudaGames" deleted

"C:\Users\Lies\AppData\Roaming\Systweak" deleted

"C:\ProgramData\eSafe" deleted

"C:\ProgramData\Partner" deleted

"C:\ProgramData\SoftSafe" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Babylon" deleted

"C:\Users\Lies\AppData\Local\Babylon" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Lies\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-04-03 19:42:51 886B8021074DE010AD6AF053A1722632 420944 ----a-w- C:\Windows\SysWOW64\msvcp100.dll

2013-04-03 19:42:51 63F13A8C7D297EFD8166EBC39566A24F 773712 ----a-w- C:\Windows\SysWOW64\msvcr100.dll

====== C:\Windows\SysWOW64\drivers =====

2013-03-31 19:08:52 732C8923749A526AB726D867FC9129AB 13608 ----a-w- C:\Windows\SysWOW64\drivers\MoborobAssDriver64.sys

====== C:\Windows\Sysnative =====

2013-04-06 08:10:06 F448ADBEC1DD571CB9FD94887E7690E9 108448 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll

====== C:\Windows\Sysnative\drivers =====

2013-04-03 20:44:02 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-04-01 09:57:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ggsemc_01009.Wdf

2013-04-01 09:57:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ggflt_01009.Wdf

2013-03-31 18:00:52 6B503DF845EABF3457E49FBBDA26C10E 27760 ----a-w- C:\Windows\Sysnative\drivers\ggsemc.sys

2013-03-31 18:00:51 16C2A6BCDDA8952C2035DEC861492A19 14448 ----a-w- C:\Windows\Sysnative\drivers\ggflt.sys

2013-03-31 17:55:52 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01009.Wdf

2013-03-30 10:26:36 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-13 13:03:48 -------- d-----w- C:\Program Files\Microsoft Silverlight

======= C:\Program Files (x86) =====

2013-03-31 19:08:37 -------- d-----w- C:\Program Files (x86)\Moborobo

2013-03-31 17:59:03 -------- d-----w- C:\Program Files (x86)\Sony Ericsson

2013-03-31 17:36:13 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared

2013-03-31 17:34:37 -------- d-----w- C:\Program Files (x86)\Sony Media Go Install

2013-03-31 17:14:09 -------- d-----w- C:\Program Files (x86)\Sony

2013-03-13 13:03:48 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight

======= C: =====

2013-04-03 20:37:18 199CF21E039A10A29D9AD54F73486338 10398 ----a-w- C:\AdwCleaner[R5].txt

2013-04-03 20:36:56 05D2745B2064CDB06223D6EF51EF73DE 10337 ----a-w- C:\AdwCleaner[R4].txt

2013-04-03 20:35:55 F262BED8D162034D08F8D03BAEF53395 10273 ----a-w- C:\AdwCleaner[R3].txt

2013-04-03 20:35:40 9EC22D53B86A5DB03DE51CF920B7E255 10212 ----a-w- C:\AdwCleaner[R2].txt

2013-04-03 20:34:50 34675A542941277B06A014479F36D771 10151 ----a-w- C:\AdwCleaner[R1].txt

2013-03-23 16:33:55 87A8AC905A8D4C9A3A1D9DB69B69D520 10256480 ----a-w- C:\nj.jpg

====== C:\Users\Lies\AppData\Roaming ======

2013-04-03 20:43:52 -------- d-----w- C:\users\Lies\AppData\Local\Programs

2013-04-03 17:22:23 -------- d-----w- C:\users\Lies\AppData\Local\Xenocode

2013-03-31 17:36:18 -------- d-----w- C:\users\Lies\AppData\Local\Sony

2013-03-31 17:34:53 -------- d-----w- C:\users\Lies\AppData\Local\Downloaded Installations

2013-03-31 17:34:36 -------- d-----w- C:\users\Lies\AppData\Roaming\Sony

2013-03-15 16:12:32 -------- d-----w- C:\users\Lies\AppData\Local\Chromium

====== C:\Users\Lies ======

2013-03-31 19:08:37 -------- d-----w- C:\ProgramData\Moborobo

2013-03-31 17:59:28 -------- d-----w- C:\ProgramData\Sony Ericsson

2013-03-31 17:36:41 -------- d-----w- C:\Users\Lies\Podcasts

2013-03-31 17:36:13 -------- d-----w- C:\ProgramData\Sony Corporation

2013-03-31 17:14:09 -------- d-----w- C:\ProgramData\Sony

====== C: exe-files ==

2013-04-06 08:01:13 9C2FE0561CB31A762AE2A1EA74A6E121 33003424 ----a-w- C:\Users\Lies\Desktop\jre-7u17-windows-x64.exe

2013-04-03 21:16:09 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Users\Lies\AppData\Local\Temp\{13A5014D-11A4-4F20-ADCB-5986C84623BB}\x86\regsvr32.exe

2013-04-03 21:16:09 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Users\Lies\AppData\Local\Temp\{13A5014D-11A4-4F20-ADCB-5986C84623BB}\x64\regsvr32.exe

2013-04-03 20:43:03 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Lies\Downloads\mbam-setup-1.70.0.1100.exe

2013-04-03 19:42:41 B6DF79993609D49DD949B7EFF9E18F69 1411664 ----a-w- C:\Users\Lies\AppData\Local\Temp\Desk365\eInstall\eInstall.exe

2013-04-03 17:22:23 1FADB5E128AB938AE07BFDC1EA876910 117248 ----a-w- C:\Users\Lies\AppData\Local\Xenocode\XSandbox\installAPK\1.0.0.0\2009.06.01T16.17\Virtual\MODIFIED\@PROGRAMFILES@\installAPK\installAPK.EXE

2013-04-01 09:53:16 6E0105823B4FE91632C9DA8314418417 655536 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe

2013-04-01 09:43:20 738FFA4D0DD95618A793BFF870780D28 183928 ----a-w- C:\ProgramData\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\89\1\.cp\lib\x64\DeviceRemover.exe

2013-04-01 08:22:04 C46257D70EA8326D72C5A4ED79C4601C 19752 ----a-w- C:\Program Files (x86)\Moborobo\FuncStaticPczs.exe

2013-04-01 08:22:04 0B443F8B221A1F4996628D9D26365A46 1277937 ----a-w- C:\Program Files (x86)\Moborobo\unins000.exe

2013-03-31 19:08:46 DCFB2F5DD98728785302260B10E3A80F 731432 ----a-w- C:\Program Files (x86)\Moborobo\update.exe

2013-03-31 19:08:42 DCFB2F5DD98728785302260B10E3A80F 731432 ----a-w- C:\Program Files (x86)\Moborobo\update\update.exe

2013-03-31 19:08:41 5B9277B9DB672E59B94E81D6D8F98507 76800 ----a-w- C:\Program Files (x86)\Moborobo\Common\Codes\faac.exe

2013-03-31 19:08:40 BEF52BDBC9FDCCE8820E73156EA5BB01 61440 ----a-w- C:\Program Files (x86)\Moborobo\Common\Codes\BeSweet.exe

2013-03-31 19:08:40 93FEA87EA9E64CD6E9EA8617AA2C587E 20904 ----a-w- C:\Program Files (x86)\Moborobo\wavstk.exe

2013-03-31 19:08:40 8026B6B24B4EC9F04A4072D8EE482C69 80680 ----a-w- C:\Program Files (x86)\Moborobo\NoticeWordUpdate.exe

2013-03-31 19:08:38 F7628F488950959E8A94AD599C63575D 71976 ----a-w- C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe

2013-03-31 19:08:38 EB9E6895D2CA548E647B287DD83483BC 752056 ----a-w- C:\Program Files (x86)\Moborobo\MoboroboDeviceNotice.exe

2013-03-31 19:08:38 DD55AB65C45DF5550E4F4F83FFE446C9 116520 ----a-w- C:\Program Files (x86)\Moborobo\iTunesKbHelper.exe

2013-03-31 19:08:38 AB9FF234A263E45B527A9C7D13E14200 81704 ----a-w- C:\Program Files (x86)\Moborobo\Moborobo PC Suite.exe

2013-03-31 19:08:37 C5C7F519BBD1B8999B7BCB25F6B34DAC 485672 ----a-w- C:\Program Files (x86)\Moborobo\Moborobo.exe

2013-03-31 19:08:37 2EF068E0C4E7C2191B727ABFCBB66880 821544 ----a-w- C:\Program Files (x86)\Moborobo\AndroidInterface.exe

2013-03-31 17:59:35 83957520224D1C8441988C5F403A3606 191608 ----a-w- C:\ProgramData\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\91\1\.cp\lib\x64\DriverInstaller.exe

2013-03-31 17:38:33 AF0F4824911C46AE517148051545FC67 84992 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\Pexplore.exe

2013-03-31 17:35:21 0011A27DEBC94A4D04D0208381412677 23584360 ----a-w- C:\Program Files (x86)\Sony Media Go Install\B64072D6-3955-4ce6-BB4F-BDA62E58EEA1\sdkupdate.exe

2013-03-31 17:14:10 CD306F302AE7955BCD3347ACB825B373 447152 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

2013-03-31 17:14:10 9C88D70C1F8136452C7C46C3D57DEAD6 106160 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\rpshell.exe

2013-03-31 17:14:10 3A4F2C0BB87A0895ABEBA341AA1E341B 155824 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

2013-03-31 17:14:10 14AB31B4F673A3AF348A40B20BB2F587 70832 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

2013-03-31 17:14:09 578CC14A972EBE6B1FAE1A19AF1D3AE8 49152 ----a-w- C:\Program Files (x86)\Sony\Sony PC Companion\AvqBtEnum.exe

=== C: other files ==

2013-04-03 20:44:02 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-31 19:08:52 732C8923749A526AB726D867FC9129AB 13608 ----a-w- C:\Windows\SysWOW64\drivers\MoborobAssDriver64.sys

2013-03-31 19:08:38 732C8923749A526AB726D867FC9129AB 13608 ----a-w- C:\Program Files (x86)\Moborobo\MoboroboAssDriver64.sys

2013-03-31 19:08:38 4F534ACBA8E27AA2F6337D6EFEF173D1 12072 ----a-w- C:\Program Files (x86)\Moborobo\MoboroboAssDriver.sys

2013-03-31 18:00:52 6B503DF845EABF3457E49FBBDA26C10E 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys

2013-03-31 18:00:51 16C2A6BCDDA8952C2035DEC861492A19 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-963788649-3157601562-336401128-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe"

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AVG9_TRAY"="C:\PROGRA~2\AVG\AVG9\avgtray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acer ePower Management"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe Reader Speed Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Apoint"

"hkey"="HKLM"

"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ArcadeDeluxeAgent"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EgisTecLiveUpdate"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Global Registration]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Global Registration"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Acer\\Registration\\GREG.exe\" BOOT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HotKeysCmds"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IAAnotif"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IgfxTray"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LManager"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mwlDaemon"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroFilterCheck"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Pando Media Booster"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Persistence"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PlayMovie"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PLFSetI]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PLFSetI"

"hkey"="HKLM"

"command"="C:\\Windows\\PLFSetI.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVCpl"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Valve\\Steam\\\\Steam.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="swg"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"

"backup"="C:\\Windows\\pss\\hpoddt01.exe.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "

"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"

"backup"="C:\\Windows\\pss\\Microsoft Office.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\MICROS~1\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/03/2013 08:34]

C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lies\AppData\Roaming\Mozilla\Firefox\Profiles\r87s9fc7.default

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Lies\AppData\Roaming\Mozilla\Firefox\Profiles\r87s9fc7.default

47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash

E2CCA1B3BA59949AE16EC587E89A09BA - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[26/07/2012 03:23]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx[20/04/2012 06:18]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-963788649-3157601562-336401128-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

HKEY_USERS\S-1-5-21-963788649-3157601562-336401128-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Public\Desktop\Media Go.lnk - C:\Program Files (x86)\Sony\Media Go\MediaGo.exe

C:\Users\Public\Desktop\Moborobo.lnk - C:\Program Files (x86)\Moborobo\Moborobo.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe Qvo6.com

C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe Qvo6.com

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe Qvo6.com

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Moborobo.lnk - C:\Program Files (x86)\Moborobo\Moborobo.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Uninstall Moborobo.lnk - C:\Program Files (x86)\Moborobo\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Media Go\Media Go.lnk - C:\Program Files (x86)\Sony\Media Go\MediaGo.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Verwijderen.lnk - C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp

==== shortcuts in Quick Launch ======================

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe Qvo6.com

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe Qvo6.com

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe Qvo6.com

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Lies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Lies\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Lies\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Lies\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Lies\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

- - - Updated - - -

After the reboot that produced the zoek.exe log file, and after reopening Firefox to post the log here on the forum, it looks to me as if everything is back to normal. In any case, no more Qvo6 start page!


"After the reboot that produced the zoek.exe log file, and after reopening Firefox to post the log here on the forum, it looks to me as if everything is back to normal. In any case, no more Qvo6 start page!"
That is indeed correct ... you may delete zoek.exe from your desktop.

Download "Delfix by Xplode"


Start the tool by double-clicking it.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.


Delfix scan done!

Afterwards I do get an Adobe Reader message: Delfix.txt cannot be opened because this file type is not supported or because the file is damaged (for example, because it was sent as an e-mail attachment and was not correctly decoded).


After the scan, Adobe Reader opens automatically with the message above.

I don't get the chance to open it with Notepad.

- - - Updated - - -

The txt issue is solved.

Somewhere a wrong file association for txt files had been created.

# DelFix v10.2 - Logfile created 08/04/2013 at 18:29:15

# Updated 02/04/2013 by Xplode

# Username : Lies - LIES-PC

~ Removing disinfection tools ...

~ Cleaning system restore ...

Deleted : RP #301 [End of disinfection | 04/08/2013 16:24:32]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Looks tidy ... all that is left is to clean up the leftovers:

Download CCleaner (if you don't have it yet).

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!) and start CCleaner.

In the left-hand column, click "Cleaner". Click "Analyze" and, after the analysis, "Run Cleaner". Then click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Close CCleaner afterwards.

If you would like to see this in detail with pictures, click here for the guide.

If all of this went without problems and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays clear for everyone.
