Betaalde Google-links werken niet meer

Anna123 · 21 juli 2013

Ik vermoed althans dat er een virus oid op mijn computer zit, hoewel diverse antivirusprogramma's niets vinden.

Het geval is als volgt:

Als ik in Google bovenaan op een betaalde link klik, verschijnt niet de link die ik verwacht maar een heel andere. Klik ik bijvoorbeeld op Fietskarretje.nl (bovenaan dus, in het roze vlak in Google), dan duurt het even en verschijnt er een willekeurige links zoals: tekopenzakken.com. En na een tweede keer klikken verschijnt reistvandaag.com, met reizen naar Maleisië.

Nu valt dit nog mee, want hiervoor werkte andere links in Google ook niet, nu dus alleen de betaalde. Overigens kon ik Microsoft Essentials al enige tijd niet meer openen. Tenminste, het programma verscheen wel een paar seconden, maar werd dan meteen gesloten. Toen heb ik het verwijderd en een andere antivirusprogramma geïnstalleerd (Avira). Wel vreemd, lijkt me, want het werkte altijd goed.

Iemand die dit herkent?

jahewi · 21 juli 2013

Hoi Anna123,

Welkom op PC-Helpforum.

Ik zal je graag helpen met je probleem.

Voer de volgende instrukties uit om mij wat meer inzicht te geven over wat er gaande is op je computer:

1. Download HijackThis. (klik er op)

De download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere PC en het bestand met een USB-stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Dit kan je HIER doen.

Sla deze op in een nieuwe map op de C schijf (bvb C:\\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden.

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

sukses,

jahewi

22 juli 2013 aangepast door kape
DDS vervangen door HJT

Anna123 · 22 juli 2013

Dank! Ik zal dit binnenkort doen en de uitslag hier plaatsen.

Anna123 · 22 juli 2013

Hierbij dan, ben benieuwd:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:06:51, on 22-7-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\MailWasher\MailWasher.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: MailWasher.lnk = C:\Program Files (x86)\MailWasher\MailWasher.exe

O4 - Startup: Windows Live Mail.lnk = C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Ask-updateservice (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10878 bytes

jahewi · 22 juli 2013

Hoi Anna123,

We gaan eens even je computer scannen en eventueel aanwezige malware verwijderen.

Deel 1:

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Deel 2:

Download AdwCleaner by Xplode naar het bureaublad.

Sluit alle openstaande vensters.
Dubbelklik op AdwCleaner om hem te starten.
Klik vervolgens op Verwijderen.
Klik bij AdwCleaner – Informatie op OK
Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht.

Deel 3:

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

 
emptyclsid;
autoclean;
standardsearch;

Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht.

sukses,

jahewi

Anna123 · 23 juli 2013

Hier de log van deel 2

# AdwCleaner v2.306 - Verslag gemaakt op 23/07/2013 om 22:29:31

# Geactualiseerd op 19/07/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Anna - ANNA-PC

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Anna\Downloads\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

Gestopt & Verwijdert : APNMCP

***** [Files / Mappen] *****

File Verwijderd : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Verwijderd : C:\user.js

Map Verwijderd : C:\Program Files (x86)\AskPartnerNetwork

Map Verwijderd : C:\Program Files (x86)\AVG Secure Search

Map Verwijderd : C:\Program Files (x86)\Wondershare

Map Verwijderd : C:\ProgramData\APN

Map Verwijderd : C:\ProgramData\AskPartnerNetwork

Map Verwijderd : C:\ProgramData\Babylon

Map Verwijderd : C:\Users\Anna\AppData\Local\PackageAware

Map Verwijderd : C:\Users\Anna\AppData\Local\Temp\APN

Map Verwijderd : C:\Users\Anna\AppData\Roaming\Babylon

Map Verwijderd : C:\Users\Anna\AppData\Roaming\pdfforge

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\AskPartnerNetwork

Sleutel Verwijderd : HKCU\Software\InstallCore

Sleutel Verwijderd : HKCU\Software\Softonic

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijderd : HKLM\Software\AskPartnerNetwork

Sleutel Verwijderd : HKLM\Software\AVG Secure Search

Sleutel Verwijderd : HKLM\Software\AVG Security Toolbar

Sleutel Verwijderd : HKLM\Software\Babylon

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijderd : HKLM\Software\systweak

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v22.0 (nl)

File : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\prefs.js

C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\user.js ... Verwijderd !

Verwijderd : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Verwijderd : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110819&tt=010712_4&babsrc=NT_ss&mn[...]

Verwijderd : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Verwijderd : user_pref("browser.search.order.1", "Search the web (Babylon)");

Verwijderd : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Verwijderd : user_pref("extensions.BabylonToolbar_i.babExt", "");

Verwijderd : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=010712_4");

Verwijderd : user_pref("extensions.BabylonToolbar_i.hardId", "fc941c4d000000000000bcaec5cf00f8");

Verwijderd : user_pref("extensions.BabylonToolbar_i.id", "fc941c4d000000000000bcaec5cf00f8");

Verwijderd : user_pref("extensions.BabylonToolbar_i.instlDay", "15527");

Verwijderd : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Verwijderd : user_pref("extensions.BabylonToolbar_i.newTab", true);

Verwijderd : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=01071[...]

Verwijderd : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Verwijderd : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Verwijderd : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Verwijderd : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Verwijderd : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Verwijderd : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Verwijderd : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:16:21");

Verwijderd : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Verwijderd : user_pref("extensions.speeddial.thumbnail-13-url", "hxxps://mail.google.com/mail/?shva=1#inbox");

*************************

AdwCleaner[s1].txt - [5788 octets] - [23/07/2013 22:29:31]

########## EOF - C:\AdwCleaner[s1].txt - [5848 octets] ##########

Anna123 · 23 juli 2013

En hier de log van stap 3. Alvast superbedankt voor de hulp!

Zoek.exe Version 4.0.0.4 Updated 21-07-2013

Tool run by Anna on di 23-07-2013 at 22:43:06,36.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Anna\Downloads\zoek(1).exe [script inserted]

==== System Restore Info ======================

23-7-2013 22:44:50 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\MailWasher\MailWasher.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Anna\Downloads\zoek.exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default

user.js not found

---- Lines ask.com removed from prefs.js ----

---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372849176110,\"rdfTime\":1372849175960}}},{\"name\":\"app-profile\",\"addons\":{\"DeviceDetection@logitech.com\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\DeviceDetection@logitech.com\",\"mtime\":1337421789134,\"rdfTime\":1326822666000},\"toolbar_AVIRA-V7@apn.ask.com\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\toolbar_AVIRA-V7@apn.ask.com.xpi\",\"mtime\":1372804929061},\"{64161300-e22b-11db-8314-0800200c9a66}\":{\"descriptor\":\"C:\\\\Users\\\\Anna\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m1z2n0dk.default\\\\extensions\\\\{64161300-e22b-11db-8314-0800200c9a66}.xpi\",\"mtime\":1370509965016}}}]");

---- FireFox user.js and prefs.js backups ----

prefs_23-07-2013_2246_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi" deleted

"C:\Users\Anna\Downloads\SoftonicDownloader_voor_google-earth.exe" deleted

"C:\Users\Anna\Downloads\SoftonicDownloader_voor_irfanview(1).exe" deleted

"C:\Users\Anna\Downloads\SoftonicDownloader_voor_irfanview.exe" deleted

"C:\Windows\Syswow64\SETD8A6.tmp" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 8174 MB

CPU Info: Intel® Core i7-2600K CPU @ 3.40GHz

CPU Speed: 3497,3 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Realtek Digital Output (Realtek |

Realtek Digital Output(Optical) |

Display Adapters: NVIDIA GeForce GT 440 | NVIDIA GeForce GT 440 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1280 X 1024 - 32 bit

Network: Network Present

Network Adapters: Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (G: | ) G: Optiarc DVD RW AD-5260S

Ports: COM1 LPT1

Mouse: 4 Button Wheel Mouse Present

Hard Disks: C: 130,9GB | D: 465,8GB | E: 100,0MB | F: 102,0GB | H: 55,8GB

Hard Disks - Free: C: 85,7GB | D: 376,1GB | E: 70,4MB | F: 23,4GB | H: 22,7GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009

Time Zone: West-Europa (standaardtijd)

Motherboard *: ASUSTeK Computer INC. P8P67-M

Internet Explorer Version: 10.0.9200.16635

Sun Java version: No Java Installed?

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Anna\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-07-11 20:37:07 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-07-11 20:37:07 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-07-11 20:37:06 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-07-11 20:37:06 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-07-11 20:37:05 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-07-11 20:37:05 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-07-11 20:37:05 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-11 20:37:04 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 20:37:04 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-07-11 20:37:03 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-07-11 20:37:03 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-07-11 20:37:01 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 20:37:01 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-07-11 20:37:00 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-07-11 20:36:57 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-07-11 13:04:35 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2013-07-11 13:04:35 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-11 13:04:11 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-07-11 20:37:07 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-07-11 20:37:06 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-07-11 20:37:06 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-07-11 20:37:06 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-07-11 20:37:05 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-07-11 20:37:05 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-07-11 20:37:05 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-07-11 20:37:05 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-07-11 20:37:04 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-07-11 20:37:04 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-07-11 20:37:03 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-07-11 20:37:02 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-07-11 20:37:02 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-07-11 20:37:01 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-07-11 20:36:59 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-07-11 20:36:58 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-07-11 13:04:36 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2013-07-11 13:04:35 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2013-07-11 13:04:29 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-07-11 13:04:11 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll

====== C:\Windows\Sysnative\drivers =====

2013-07-21 14:35:44 4E6D26B796767B1CD7015005B0522746 83672 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys

2013-07-21 08:30:18 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\Sysnative\drivers\avkmgr.sys

2013-07-21 08:30:18 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\Sysnative\drivers\avipbb.sys

2013-07-21 08:30:18 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\Sysnative\drivers\avgntflt.sys

2013-07-06 07:43:39 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum

2013-07-06 07:43:39 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum

2013-07-06 07:43:39 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum

====== C:\Windows\Tasks ======

2013-07-04 14:00:27 67256E44BE1EE091711E3E88621F1485 304 ----a-w- C:\Windows\Tasks\tqkrz.job

2013-07-04 14:00:27 5B8CA095E73DC0818DD93645C4AA7158 2584 ----a-w- C:\Windows\Sysnative\Tasks\tqkrz

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-07-22 10:05:39 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-07-21 08:30:18 -------- d-----w- C:\Program Files (x86)\Avira

2013-07-06 07:22:31 -------- d-----w- C:\Program Files (x86)\AVG

======= C: =====

2013-07-23 20:29:31 906A0A2D2C2C9287F604B37C256EB30C 5887 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\Anna\AppData\Roaming ======

2013-07-21 08:32:28 -------- d-----w- C:\users\Anna\AppData\Roaming\Avira

2013-07-12 20:40:01 E2AC7544663E8398382BC2610863485C 825328 ----a-w- C:\users\Anna\AppData\Local\census.cache

2013-07-12 20:39:54 66A5732778820900A03BB38D4A59F76D 107815 ----a-w- C:\users\Anna\AppData\Local\ars.cache

2013-07-12 20:31:11 05B591F8FE42B957A4A9871DBCA1FE72 36 ----a-w- C:\users\Anna\AppData\Local\housecall.guid.cache

2013-07-06 07:20:01 -------- d-----w- C:\users\Anna\AppData\Local\MFAData

2013-07-06 07:20:01 -------- d-----w- C:\users\Anna\AppData\Local\Avg2013

====== C:\Users\Anna ======

2013-07-23 20:29:16 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Anna\Downloads\adwcleaner.exe

2013-07-21 08:30:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2013-07-21 08:30:18 -------- d-----w- C:\ProgramData\Avira

2013-07-21 08:20:23 4754539F6D178B84DE28DBCBE7CDA23A 2092792 ----a-w- C:\Users\Anna\Downloads\avira_free_antivirus.exe

2013-07-12 20:31:00 1FBB338FD54A8E1697488658705BAE05 2406064 ----a-w- C:\Users\Anna\Downloads\HousecallLauncher64.exe

2013-07-12 20:23:51 D91FE85477A1FB1933AAAF340ACEE250 3510056 ----a-w- C:\Users\Anna\Downloads\hitmanpro.exe

2013-07-06 07:22:41 -------- d-----w- C:\ProgramData\AVG2013

2013-07-06 07:20:01 -------- d--h--w- C:\ProgramData\Common Files

2013-07-06 07:20:01 -------- d-----w- C:\ProgramData\MFAData

====== C: exe-files ==

2013-07-23 20:29:16 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Anna\Downloads\adwcleaner.exe

2013-07-21 08:30:19 F4848A6610D89E885E4BCAF5B8C080B3 145464 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe

2013-07-21 08:30:19 F14001B45938D45F771CA18B0FDDF549 44088 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe

2013-07-21 08:30:19 E22BA275B96AEAE292548E334D93CB79 598584 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe

2013-07-21 08:30:18 FBE44C10D00C07A364DA98D0CC2FA8F8 284728 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe

2013-07-21 08:30:18 F20D248B2F34E3A4F80D087CFCCEC821 634936 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

2013-07-21 08:30:18 F02806D9B6E13BF3836DC140A3F2DD45 89144 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setuppending.exe

2013-07-21 08:30:18 E4846A00FA436E9128E74E7F1AA85FE8 55352 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avupgsvc.exe

2013-07-21 08:30:18 E45891A40C75F193937EA282776399E1 95816 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe

2013-07-21 08:30:18 DF92C3C7713D1034DDC8ABC9983FE412 245304 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

2013-07-21 08:30:18 DC529D0BB04C8E7A6D6660370C1EC3B8 81976 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avadmin.exe

2013-07-21 08:30:18 DAF4D673DB35BF6109A594C721EB5B8A 431672 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe

2013-07-21 08:30:18 D4992F43340344D337DC5ADE1CE0863A 345144 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

2013-07-21 08:30:18 CB0DB76C19AD2FBAD5BF36E3DBEE8ADB 589368 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

2013-07-21 08:30:18 AE88282D08916C00A324F6A269924EA9 1291696 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe

2013-07-21 08:30:18 8EB0742F483DC37E767DD8F6144A3214 111160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe

2013-07-21 08:30:18 805265080FC624C96FEC23C1D3E571AD 504424 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

2013-07-21 08:30:18 7420E10AB539071688C64ADE437886BA 167992 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\inssda64.exe

2013-07-21 08:30:18 5FA26A9283BE1F745FC130963DCD4DFD 775736 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe

2013-07-21 08:30:18 52377C29474DEF48E09AD5B221BE59DC 231480 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe

2013-07-21 08:30:18 4B21D5FE2E5A9F3A8452CCA65FABBBB5 328760 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

2013-07-21 08:30:18 4A66ECADEF725017025045A29FC04C85 84024 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

2013-07-21 08:30:18 2879D808D87DF9A77D184D9E1861BF40 122424 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe

2013-07-21 08:30:18 1AD30E14619BB09D7FDBE75737F9EE88 108088 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

2013-07-21 08:30:18 189FABFC424E9CA5628BAA9A76A145CF 179256 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe

2013-07-21 08:30:18 166488F973188B49AC74737ACC8E9769 811064 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

2013-07-21 08:30:18 1535A7798D042ABEA4546CD0F5FBA885 133176 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\guardgui.exe

2013-07-21 08:30:18 150B00FDF887103D4E5BE5D7BCEBA693 455224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe

2013-07-21 08:20:23 4754539F6D178B84DE28DBCBE7CDA23A 2092792 ----a-w- C:\Users\Anna\Downloads\avira_free_antivirus.exe

=== C: other files ==

2013-07-21 14:35:44 4E6D26B796767B1CD7015005B0522746 83672 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2013-07-21 08:30:19 53A58B057A8C5A4622EAD625C773DAE3 100384 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sweb.zip

2013-07-21 08:30:18 4E6D26B796767B1CD7015005B0522746 83672 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys

2013-07-21 08:30:18 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-07-21 08:30:18 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avkmgr.sys

2013-07-21 08:30:18 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\System32\drivers\avipbb.sys

2013-07-21 08:30:18 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avipbb.sys

2013-07-21 08:30:18 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-07-21 08:30:18 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2221459908-2000885377-2527166229-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Startup Folders ======================

2011-09-25 20:36:09 1010 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-05-20 07:47:03 985 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk

2013-06-12 18:16:18 1458 ----a-w- C:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-07-2013 23:07]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-04-2012 10:44]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-04-2012 10:44]

C:\Windows\tasks\tqkrz.job --a------ C:6C:\Windows\system32\rundll32C:\Windows\SysWOW64\msfeedsl.dll []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default

- Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com

- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default

0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash

15D2058BEB13C1805C00F6AC9B812A0D - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\m1z2n0dk.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll - Logitech Device Detection

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aaaaacalgebmfelllfiaoknifldpngjh - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://google.nl/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://google.nl/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{9883F870-BEE1-4049-AC9D-46D7CD1B6D38} Yahoo//nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh deleted successfully

==== HijackThis Entries ======================