Probleem Monstermarketplace

[Aquaman]

Mijn partner heeft op haar pc last van dit fenomeen: MonsterMarketPlace

Hoe help ik haar daarvan af?

Graag snel een oplossing, dankjewel

[Jean-Pierre]

We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem.

1. Download HijackThis. (klik er op)

De download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere PC en het bestand met een USB-stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Dit kan je HIER doen.

Sla deze op in een nieuwe map op de C schijf (bvb C:\\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden.

---

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

---

3. Na het plaatsen van je logje wordt dit door een expert nagekeken en hij begeleidt jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

[Aquaman]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:53:10, on 23/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Luce\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Stickies\stickies.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll

R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll

O3 - Toolbar: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [F.lux] "C:\Users\Luce\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKCU\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

O4 - Startup: Dropbox.lnk = Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html

O8 - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files\SimilarWeb\SimilarWeb.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.employee-access.fortis.com/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--

End of file - 16085 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll

O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll

O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll

O4 - HKCU\..\Run: [F.lux] "C:\Users\Luce\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKCU\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe"

O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Klik vervolgens op Verwijderen.
  
• Klik bij AdwCleaner – Informatie op OK
  
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK
  

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht, samen met een nieuw logje van HijackThis.

[Aquaman]

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:52:15

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Luce - LUCE-PC

# Boot Mode : Normal

# Running from : C:\Users\Luce\Downloads\adwcleaner(1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

File Deleted : C:\Program Files\mozilla firefox\searchplugins\Web Search.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\searchplugins\Web Search.xml

File Deleted : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\searchplugins\Web Search.xml

File Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\searchplugins\Web Search.xml

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\continuetosave

Folder Deleted : C:\Program Files\DealPly

Folder Deleted : C:\Program Files\FreeRIP

Folder Deleted : C:\Program Files\FunWebProducts

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Program Files\MyScrapNook_12

Folder Deleted : C:\Program Files\MyWebSearch

Folder Deleted : C:\Program Files\SimilarSites

Folder Deleted : C:\Program Files\SingAlong

Folder Deleted : C:\Program Files\TornTV.com

Folder Deleted : C:\Program Files\WebSearch

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\coNtinuuetosave

Folder Deleted : C:\ProgramData\FreeRIP

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coNtinuuetosave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe Saave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Searchh-NewwTab

Folder Deleted : C:\ProgramData\safe Saave

Folder Deleted : C:\ProgramData\Searchh-NewwTab

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\extensions\12ffxtbr@MyScrapNook_12.com

Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\Bandoo

Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\MyScrapNook_12

Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Bart & Leen\AppData\Roaming\Bandoo

Folder Deleted : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\extensions\12ffxtbr@MyScrapNook_12.com

Folder Deleted : C:\Users\Luce\AppData\Local\Babylon

Folder Deleted : C:\Users\Luce\AppData\Local\Conduit

Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbhjckenkljnlhmgajgemiofdjaimac

Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\keenikhmdmiojiplippboobhdhcjlpph

Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfioajkdjpmjppobphackojlflgalfbe

Folder Deleted : C:\Users\Luce\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Luce\AppData\Local\iMesh

Folder Deleted : C:\Users\Luce\AppData\Local\MyScrapNook_12

Folder Deleted : C:\Users\Luce\AppData\Local\PackageAware

Folder Deleted : C:\Users\Luce\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Luce\AppData\LocalLow\Bandoo

Folder Deleted : C:\Users\Luce\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Luce\AppData\LocalLow\coNtinuuetosave

Folder Deleted : C:\Users\Luce\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Luce\AppData\LocalLow\MyScrapNook_12

Folder Deleted : C:\Users\Luce\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Luce\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Luce\AppData\LocalLow\safe Saave

Folder Deleted : C:\Users\Luce\AppData\LocalLow\Searchh-NewwTab

Folder Deleted : C:\Users\Luce\AppData\LocalLow\searchquband

Folder Deleted : C:\Users\Luce\AppData\LocalLow\SimplyTech

Folder Deleted : C:\Users\Luce\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Luce\AppData\Roaming\Bandoo

Folder Deleted : C:\Users\Luce\AppData\Roaming\ExpressFiles

Folder Deleted : C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\extensions\12ffxtbr@MyScrapNook_12.com

Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\fjv0aa@hbxzfyf.org

Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\oyiiagw5hxrz@htbie.co.uk

Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\rude5@eyiaini.com

Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\jetpack

Folder Deleted : C:\Users\Luce\AppData\Roaming\NCdownloader

Folder Deleted : C:\Users\Luce\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Luce\AppData\Roaming\SimilarSites

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\contin~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Imesh

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754E-4E7D-4589-829D-E2523E6A3085}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77769D93-C606-2855-121F-988EF6B93401}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B8007C11-6C11-6EAF-15D8-309768F2942C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77769D93-C606-2855-121F-988EF6B93401}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8007C11-6C11-6EAF-15D8-309768F2942C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F}

Key Deleted : HKCU\Software\MyWebSearch

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Bandoo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214754E-4E7D-4589-829D-E2523E6A3085}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77769D93-C606-2855-121F-988EF6B93401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8007C11-6C11-6EAF-15D8-309768F2942C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE6F06FB-0FC0-4499-828F-EE48088F504F}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849859

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\ExpressFiles

Key Deleted : HKLM\Software\FocusInteractive

Key Deleted : HKLM\Software\Fun Web Products

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754E-4E7D-4589-829D-E2523E6A3085}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Key Deleted : HKLM\Software\MyWebSearch

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=44393&st=bs&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q=%s --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=44393&st=bs&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q=%s --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN&cc=BE --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (nl)

File : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\prefs.js

C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...]

Deleted : user_pref("browser.search.defaultenginename", "Web Search");

Deleted : user_pref("browser.search.defaultengine", "Web Search");

Deleted : user_pref("browser.search.selectedEngine", "Web Search");

Deleted : user_pref("browser.search.order.1", "Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786[...]

Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...]

File : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\prefs.js

C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...]

Deleted : user_pref("browser.search.defaultengine", "Web Search");

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=5[...]

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("extensions.519716e27a9c8.scode", "if(window.top==window.self){new function(){if(!document[...]

Deleted : user_pref("extensions.5197170f8c5f3.scode", "if (window.self.location.protocol.indexOf('hxxp') > -1 [...]

Deleted : user_pref("extensions.51bdbb6e3fa15.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 22);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BE");

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "533B4F3A551BAC473688AFC1AC38DBD7");

Deleted : user_pref("extensions.BabylonToolbar.lastActv", "22");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 22);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.30.021:00:44");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60509069);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

File : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.2.0.3");

Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...]

Deleted : user_pref("browser.search.defaultengine", "Web Search");

Deleted : user_pref("browser.search.defaultenginename", "Web Search");

Deleted : user_pref("browser.search.order.1", "Web Search");

Deleted : user_pref("browser.search.selectedEngine", "Web Search");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 16);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BE");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "6BD884D4615D094FF87CA8E7BA4E78F8");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);

Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=100512[...]

Deleted : user_pref("extensions.BabylonToolbar.lastActv", "5");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 16);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "18.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 96913476);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Web Search");

Deleted : user_pref("browser.search.defaultengine", "Web Search");

Deleted : user_pref("browser.search.selectedEngine", "Web Search");

Deleted : user_pref("browser.search.order.1", "Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786[...]

Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...]

Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.407] : homepage = "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN&cc=BE",

File : C:\Users\Bart & Leen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : homepage ={"plugins":{"plugins_list":[{"name":"Chrome PDF Viewer", "version":"", "path":"C:\\Program Files\\Go[...]

*************************

AdwCleaner[R1].txt - [36660 octets] - [22/07/2013 19:38:19]

AdwCleaner[R2].txt - [35169 octets] - [23/07/2013 11:50:55]

AdwCleaner[s1].txt - [30849 octets] - [23/07/2013 11:52:15]

########## EOF - C:\AdwCleaner[s1].txt - [30910 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:58:59, on 23/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Stickies\stickies.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')

O4 - Startup: Dropbox.lnk = Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html

O8 - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files\SimilarWeb\SimilarWeb.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.employee-access.fortis.com/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--

End of file - 12372 bytes

[kape]

AdwCleaner heeft een berg rotzooi van deze PC gehaald en logje HijackThis ziet er al veel beter uit. Krijg je nu nog meldingen van MonsterMarketPlace ?

[Aquaman]

AdwCleaner heeft een berg rotzooi van deze PC gehaald en logje HijackThis ziet er al veel beter uit. Krijg je nu nog meldingen van MonsterMarketPlace ?

Ja, op dat vlak is er, jammer genoeg, nog geen verbetering.

[kape]

Download ComboFix van één van de onderstaande locaties naar het bureaublad.

Bleeping Computer

Info Spyware

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met ComboFix.exe

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

• Dubbelklik op "ComboFix" om de tool te starten, Windows Vista, 7 & 8 gebruikers zullen een melding krijgen van UAC (Gebruikersaccountbeheer), klik hier op Ja / yes.
  
• Op een Windows XP computer zal ComboFix de "Recovery Console" installeren als deze nog niet aanwezig is. (Een actieve internet verbinding is dan een vereiste).
  
• Klik in het venster bij het 'Installeren van de Recovery Console' op "Ok".
  
• Klik in het info scherm op "Ja" als de Recovery Console met succes is geïnstalleerd.
  
• Klik in het scherm van de disclaimer op "I Agree", de benodigde onderdelen worden nu uitgepakt en middels ERUNT wordt er een register back-up gemaakt.
  
• Wanneer dit gereed is zal ComboFix vanzelf starten, in het blauwe scherm ziet u de voortgang van de systeemscan die wordt uitgevoerd.
  
• Belangrijk! gebruik de computer tijdens de scan niet voor andere zaken.
  
• Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden zoals bijvoorbeeld bij de aanwezigheid van een rootkit, dit is normaal.
  
• Wanneer ComboFix gereed is, zal het een logbestand aanmaken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
  

* Noot !!! Indien u één van de onderstaande meldingen krijgt na het gebruik van ComboFix herstart dan de computer.

• Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  
• Illegal operation attempted on a registry key that has been marked for deletion.
  

[Aquaman]

Beste Kape,

hier dan het logbestand.

Gisteren heb ik problemen gehad om te printen, ik heb de printer moeten herinstalleren. Komt dit door de handelingen die uitgevoerd werden of is dit toeval?

ComboFix 13-07-23.01 - Luce 24/07/2013 8:08.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.2038.534 [GMT 2:00]

Gestart vanuit: c:\users\Luce\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bart & Leen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86956BC0-87EA-4350-9E52-0A6E8E0BDE84}.xps

c:\users\Bart & Leen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4658C55-73EA-4440-8D4D-95A2F4A0465C}.xps

c:\windows\IsUn0413.exe

c:\windows\system32\X86

c:\windows\tmp

c:\windows\tmp\dd_vcredistMSI5DC8.txt

c:\windows\tmp\dd_vcredistUI5DC8.txt

c:\windows\tmp\qtsingleapp-koboex-f4a6-1-lockfile

K:\install.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-06-24 to 2013-07-24 ))))))))))))))))))))))))))))))

.

.

2013-07-24 06:17 . 2013-07-24 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-24 06:17 . 2013-07-24 06:17 -------- d-----w- c:\users\Bart & Leen\AppData\Local\temp

2013-07-24 06:17 . 2013-07-24 06:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-07-24 05:43 . 2013-07-24 05:43 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{849688D2-5F20-46EC-8DEB-95EA3A15CBB2}\offreg.dll

2013-07-24 05:18 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{849688D2-5F20-46EC-8DEB-95EA3A15CBB2}\mpengine.dll

2013-07-23 21:01 . 2013-05-08 05:07 1571160 ------w- c:\windows\TotalUninstaller.exe

2013-07-23 21:01 . 2013-07-23 21:01 -------- d-----w- c:\program files\Samsung

2013-07-23 08:40 . 2013-07-23 08:40 388096 ----a-r- c:\users\Luce\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-23 08:40 . 2013-07-23 08:40 -------- d-----w- c:\program files\Trend Micro

2013-07-22 20:58 . 2013-07-22 20:58 -------- d-----w- c:\users\Bart & Leen\AppData\Local\Microsoft Help

2013-07-13 21:34 . 2013-07-13 21:37 -------- d-----w- c:\windows\system32\MRT

2013-07-12 04:51 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-12 04:51 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-12 04:51 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-12 04:51 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-12 04:51 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-12 04:51 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-12 04:51 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-12 04:51 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-12 04:51 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-12 04:51 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-12 04:51 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-11 09:14 . 2013-07-11 09:20 -------- d-----w- c:\users\Bart & Leen\AppData\Roaming\vlc

2013-07-10 16:34 . 2013-07-16 14:35 -------- d-----w- c:\program files\LyricsSpeaker

2013-07-03 21:08 . 2013-07-03 21:12 -------- d-----r- c:\users\Luce\Copy

2013-07-03 21:07 . 2013-07-04 18:04 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-07-03 21:05 . 2013-07-23 09:37 -------- d-----w- c:\users\Luce\AppData\Roaming\Copy

2013-06-25 17:11 . 2013-06-26 16:36 -------- d-----w- c:\program files\Mozilla Thunderbird

2013-06-25 16:22 . 2013-06-25 16:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-22 16:26 . 2012-04-03 16:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-22 16:26 . 2011-05-19 17:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-27 19:22 . 2013-03-16 13:27 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-27 19:22 . 2012-05-28 10:45 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-27 19:22 . 2010-05-03 19:10 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-25 16:22 . 2012-05-22 19:06 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-06-25 16:22 . 2012-01-31 11:21 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-21 11:32 . 2013-06-21 11:32 212600 ----a-w- c:\windows\system32\SBuySupplies.exe

2013-06-21 11:32 . 2013-04-25 08:30 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst6cpc.dll

2013-05-13 04:45 . 2013-06-13 16:47 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-13 16:47 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-13 16:47 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-13 16:47 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-13 16:47 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 18:37 . 2010-04-17 17:38 249856 ------w- c:\windows\Setup1.exe

2013-05-10 18:37 . 2010-04-17 17:38 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-05-10 03:20 . 2013-06-13 16:46 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-09 08:59 . 2013-03-16 13:27 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59 . 2012-05-28 10:45 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59 . 2010-05-03 19:10 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-09 08:59 . 2010-05-03 19:10 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:59 . 2010-05-03 19:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-09 08:58 . 2010-06-29 15:24 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 08:58 . 2010-05-03 19:10 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-09 07:12 . 2012-06-19 19:08 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-08 05:38 . 2013-06-13 16:46 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-13 16:46 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06 . 2013-06-13 16:46 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-06 00:48 . 2013-05-11 13:33 17408 ----a-w- c:\windows\Launcher.exe

2013-05-02 00:06 . 2009-11-28 15:37 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-26 04:55 . 2013-06-13 16:46 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30 . 2013-06-13 16:47 1505280 ----a-w- c:\windows\system32\d3d11.dll

.

<pre>
c:\program files\IQNotes\Uninst_iQ-Notes .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]

@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"

[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]

@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"

[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]

@="{F6378A7A-F753-449B-AE1B-997A96132E61}"

[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]

@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"

[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]

@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"

[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]

@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"

[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]

@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"

[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]

@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"

[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]

2013-07-04 18:04 3086336 ----a-w- c:\users\Luce\AppData\Roaming\Copy\overlay\CopyShExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Luce\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Luce\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\users\Luce\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="c:\users\Luce\AppData\Roaming\Copy\CopyAgent.exe" [2013-07-17 13267600]

.

c:\users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-1-10 1078624]

Stickies.lnk - c:\program files\Stickies\stickies.exe [2013-3-27 1134592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Luce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

path=c:\users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 01:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

2011-05-23 11:36 2068480 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belkin Storage Manager]

c:\program files\Belkin Storage Manager\StorageManager.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

2012-07-12 08:14 138096 ----atw- c:\users\Luce\AppData\Local\Facebook\Update\FacebookUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-02-27 11:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]

2009-10-01 06:36 3144736 ----a-w- c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT]

c:\program files\AVG Secure Search\ROC_ROC_NT.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12]

c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

c:\windows\vsnpstd.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Suite]

2009-10-01 06:36 3144736 ----a-w- c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

.

R1 MpKsl148f2eef;MpKsl148f2eef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85DBA74C-6511-4122-AA75-2EEDAF3A76DC}\MpKsl148f2eef.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-12-15 37632]

R3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [2012-08-11 24880]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2013-02-22 134144]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 MyScrapNook_12Service;My Scrap NookService;c:\progra~1\MYSCRA~2\bar\1.bin\12barsvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 66776]

S1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\Drivers\NEOFLTR_700_16899.SYS [2010-10-23 84336]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [2009-04-06 1002016]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-08-10 5120]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:26]

.

2013-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3323627426-1777380327-1123927095-1001Core.job

- c:\users\Luce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 08:14]

.

2013-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3323627426-1777380327-1123927095-1001UA.job

- c:\users\Luce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 08:14]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com

IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Nieuwe notitie - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: Toevoegen aan Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html

Trusted Zone: fortis.com\PC Helpforum - Gratis hulp bij computer problemen

TCP: DhcpNameServer = 195.130.131.1 195.130.130.129

FF - ProfilePath - c:\users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?pli=1&gsessionid=6vVdNTGRbIVUtlBQx_9RsQ|iGoogle

FF - ExtSQL: 2013-06-01 09:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-07-08 22:46; lspeaker@lyricsspeaker.net; c:\program files\LyricsSpeaker\120.xpi

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)

c:\users\Bart & Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr

AddRemove-AND Route 2000 Benelux - c:\windows\IsUn0413.exe

AddRemove-SP_09b71135 - c:\program files\ContinueToSave\uninstall.exe

AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe

AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-07-24 08:19:55

ComboFix-quarantined-files.txt 2013-07-24 06:19

.

Pre-Run: 86.782.849.024 bytes beschikbaar

Post-Run: 86.514.913.280 bytes beschikbaar

.

- - End Of File - - 281C7AB4E24F69169C480BDBFA6763CC

A36C5E4F47E84449FF07ED3517B43A31

[kape]

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
 Folder::
 c:\program files\LyricsSpeaker
 c:\program files\ContinueToSave
 c:\program files\WebSearch
 c:\program files\Common Files\DVDVideoSoft

 Renv::
 c:\program files\IQNotes\Uninst_iQ-Notes .exe

 Firefox::
 FF - ProfilePath - c:\users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\
 FF - ExtSQL: 2013-07-08 22:46; lspeaker@lyricsspeaker.net; c:\program files\LyricsSpeaker\120.xpi

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.