
HijackThis log file because of police virus



Hello

Here is my log, can anyone help me further?

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 6:48:36, on 27/06/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

FIREFOX: 21.0 (en-US)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe

C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Ellen\AppData\Roaming\BrowserCompanion\tcbhn.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Windows\syswow64\svchost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Users\Nick\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628065641.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-889363557-2036165539-3501339599-1004\..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (User 'Nick')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Dropbox.lnk = Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: tcbhn.lnk = Ellen\AppData\Roaming\BrowserCompanion\tcbhn.exe

O4 - Global Startup: Update-agent.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 21394 bytes


There is a lot more going on with this PC than just the police virus. So there is work to be done ;-)

Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and choose "Run as administrator" from the list to open the command prompt.

Type: sc stop "Updater Service for StartNow Toolbar" and press Enter.

Type: sc delete "Updater Service for StartNow Toolbar" and press Enter.

Type exit and press Enter.

If you get an error message on any of these instructions, just continue with the next instruction.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe

O4 - HKUS\S-1-5-21-889363557-2036165539-3501339599-1004\..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (User 'Nick')

O4 - Startup: tcbhn.lnk = Ellen\AppData\Roaming\BrowserCompanion\tcbhn.exe

O4 - Global Startup: Update-agent.lnk = ?

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Uninstall Ask Toolbar or Ask.com via Add/Remove Programs (if present), or otherwise delete the following folder shown in bold: C:\Program Files (x86)\Ask.com

Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Then click Delete.
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK

It is normal for the shortcuts to disappear during this action.

After the PC has restarted, a log file opens.

Then post the contents of this log in your next message, together with a new HijackThis log.

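The reply above ends by asking for a fresh HijackThis log after the fix. The following is an added example, not part of the original posts, showing one way to check such a follow-up log against the fix list. The function names and the two sample texts are assumptions made for this illustration; the sample lines are constructed from entries quoted in this thread.

```python
import re

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffix shown when a registry entry survives but the file it points to is gone.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def entry_key(code, body):
    """Identity of one entry that stays stable between two scans.

    Entries carrying a CLSID are keyed on everything up to and including the
    CLSID, so a changed path or an appended "(file missing)" does not hide
    them. Other entries are keyed on the whole body minus that suffix.
    """
    match = CLSID_RE.search(body)
    ident = body[:match.end()] if match else MISSING_RE.sub("", body)
    return code + "|" + " ".join(ident.split()).casefold()


def parse_entries(text):
    """Return {key: original line} for every result line in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header lines and the running-process list do not match
            entries.setdefault(entry_key(m.group(1), m.group(2)), line.strip())
    return entries


def verify_cleanup(fix_list_text, new_log_text):
    """Compare the items selected for fixing with a follow-up scan."""
    wanted = parse_entries(fix_list_text)
    found = parse_entries(new_log_text)
    if not found:
        # An empty or unparseable log proves nothing about the cleanup.
        return {"status": "no-log", "remaining": [], "removed": []}
    remaining = [line for key, line in found.items() if key in wanted]
    removed = [line for key, line in wanted.items() if key not in found]
    status = "incomplete" if remaining else "clean"
    return {"status": status, "remaining": remaining, "removed": removed}


# Constructed sample: four of the items from the fix list in this thread.
FIX_LIST = r"""
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
"""

# Constructed follow-up log: two fixed items are still registered, one of them
# now pointing at a deleted file; two unrelated entries are also present.
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Windows\SysWOW64\ctfmon.exe
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"""

if __name__ == "__main__":
    result = verify_cleanup(FIX_LIST, NEW_LOG)
    print("status:", result["status"])
    for line in result["remaining"]:
        print("still present:", line)
    for line in result["removed"]:
        print("gone:", line)
```

A plain text comparison would report the StartNow entry as removed, because the follow-up line differs by its "(file missing)" suffix; keying on the CLSID keeps it visible.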

Hello

Thanks for the help so far.

Below is the AdwCleaner log.

HijackThis creates an empty log file?

# AdwCleaner v2.303 - Verslag gemaakt op 27/06/2013 om 09:52:43

# Geactualiseerd op 08/06/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Ellen - ELLEN-LAPTOP

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Ellen\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijderd : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Verwijderd : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Verwijderd : C:\user.js

File Verwijderd : C:\Users\Ellen\AppData\Local\Temp\Searchqu.ini

File Verwijderd : C:\Users\Ellen\AppData\Local\Temp\searchqutoolbar-manifest.xml

File Verwijderd : C:\Users\Ellen\AppData\Local\Temp\SetupDataMngr_Searchqu.exe

File Verwijderd : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

Map Verwijderd : C:\Program Files (x86)\AVG Secure Search

Map Verwijderd : C:\Program Files (x86)\DealPly

Map Verwijderd : C:\Program Files (x86)\Searchqu Toolbar

Map Verwijderd : C:\ProgramData\Ask

Map Verwijderd : C:\ProgramData\AVG Secure Search

Map Verwijderd : C:\ProgramData\Babylon

Map Verwijderd : C:\ProgramData\boost_interprocess

Map Verwijderd : C:\ProgramData\InstallMate

Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Map Verwijderd : C:\ProgramData\Premium

Map Verwijderd : C:\Users\Ellen\AppData\Local\AVG Secure Search

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho

Map Verwijderd : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Map Verwijderd : C:\Users\Ellen\AppData\Local\Temp\BabylonToolbar

Map Verwijderd : C:\Users\Ellen\AppData\LocalLow\AVG Secure Search

Map Verwijderd : C:\Users\Ellen\AppData\LocalLow\boost_interprocess

Map Verwijderd : C:\Users\Ellen\AppData\Roaming\Babylon

Map Verwijderd : C:\Users\Ellen\AppData\Roaming\BrowserCompanion

Map Verwijderd : C:\Users\Ellen\AppData\Roaming\DealPly

Map Verwijderd : C:\Users\Nick\AppData\Local\AVG Secure Search

Map Verwijderd : C:\Users\Nick\AppData\LocalLow\AVG Secure Search

Map Verwijderd : C:\Users\Nick\AppData\LocalLow\facemoods.com

Verwijderd bij het opstarten : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Register] *****

Data Verwijderd : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll

Data Verwijderd : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll

Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Crossrider

Sleutel Verwijderd : HKCU\Software\AVG Secure Search

Sleutel Verwijderd : HKCU\Software\Conduit

Sleutel Verwijderd : HKCU\Software\DataMngr

Sleutel Verwijderd : HKCU\Software\DealPly

Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Sleutel Verwijderd : HKCU\Software\InstallCore

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Sleutel Verwijderd : HKCU\Software\Softonic

Sleutel Verwijderd : HKCU\Software\StartNow Toolbar

Sleutel Verwijderd : HKCU\Software\Zugo

Sleutel Verwijderd : HKLM\Software\AVG Secure Search

Sleutel Verwijderd : HKLM\Software\AVG Security Toolbar

Sleutel Verwijderd : HKLM\Software\Babylon

Sleutel Verwijderd : HKLM\Software\BrowserCompanion

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\S

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ZGClnt.Mngr

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1

Sleutel Verwijderd : HKLM\Software\Conduit

Sleutel Verwijderd : HKLM\Software\DealPly

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Sleutel Verwijderd : HKLM\Software\StartNow Toolbar

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Crossrider

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Sleutel Verwijderd : HKLM\SOFTWARE\DataMngr

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijderd [l.1] : icon_url ={"backup":{"_signature":"sulEaWfosnMsFUYhBvZ3RCXubo5pWLO486TPUFYtmIU=","_version":4,"browser":{"show[...]

File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijderd [l.1] : icon_url ={"browser":{"window_placement":{"bottom":718,"left":10,"maximized":false,"right":1060,"top":10,"work[...]

*************************

AdwCleaner[s1].txt - [18731 octets] - [27/06/2013 09:52:43]

########## EOF - C:\AdwCleaner[s1].txt - [18792 octets] ##########

-------------------------------------------------------------------------


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click the "Options" button and tick the options below.
    • Recently Created
    • HijackThis Log
    • Firefox Look
    • Chrome Look
    • Firefox Defaults
    • Reset Chrome
    • Shortcut Fix
    • IE Defaults
    • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.


Attached is the log from zoek.exe

Zoek.exe Version 4.0.0.2 Updated 26-June-2013

Tool run by Ellen on do 27/06/2013 at 10:26:57,08.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

27/06/2013 10:27:59 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\extensions.sqlite" deleted

"C:\windows\SysNative\Tasks\DealPly" deleted

"C:\windows\SysNative\Tasks\DealPlyUpdate" deleted

"C:\prefs.js" deleted

"C:\Windows\Syswow64\sho6BBC.tmp" deleted

"C:\ProgramData\CodecCheck" deleted

"C:\Users\Ellen\AppData\Local\Software" deleted

"C:\Users\Ellen\AppData\LocalLow\DataMngr" deleted

==== EOF on do 27/06/2013 at 10:31:48,93 ======================


Is this the complete log from zoek.exe that you got? Because quite a few sections appear to be missing. Otherwise, as a check, have zoek.exe scan once more and attach the new log in a following post.


After a reboot, more did indeed come out

Zoek.exe Version 4.0.0.3 Updated 27-June-2013

Tool run by Ellen on do 27/06/2013 at 11:44:27,56.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\6kgt2miw.default\prefs.js:

Added to C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\6kgt2miw.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583\prefs.js:

Added to C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\6kgt2miw.default

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\McAfee\\\\SiteAdvisor\",\"mtime\":1372310808954,\"rdfTime\":1347361592000},\"crossriderapp435@crossrider.com\":{\"descriptor\":\"C:\\\\ProgramData\\\\CodecCheck\\\\firefox\",\"mtime\":1321885748271,\"rdfTime\":1321547706000},\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Player\\\\firefox\\\\DivXHTML5\",\"mtime\":1326722908613,\"rdfTime\":1315397198000},\"{D19CA586-DD6C-4a0a-96F8-14644F340D60}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Common Files\\\\McAfee\\\\SystemCore\",\"mtime\":1372310804679},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.2.0.5\",\"mtime\":1372310836769,\"rdfTime\":1369168262601}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1369339222341,\"rdfTime\":1369339222340}}}]");

---- FireFox user.js and prefs.js backups ----

prefs_20132706_1151_.backup

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\CrossriderWebApps" deleted

"C:\Program Files (x86)\StartNow Toolbar" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Ellen\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-06-27 06:20:04 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe

====== C:\Windows\Sysnative\drivers =====

2013-06-27 05:42:30 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-06-11 20:18:25 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2013-06-27 08:29:27 1A0C0583892BB2F907F4CD61557253B1 3116 ----a-w- C:\Windows\Sysnative\Tasks\{F2D8CA20-BDA9-4F6B-ADD9-946F1792B701}

2013-05-29 17:24:30 E9B61EFE20BC46B262B88F27988DED68 2854 ----a-w- C:\Windows\Sysnative\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv

2013-05-29 17:24:30 CB7780D806908E5C9CFC05A7E52473B3 350 ----a-w- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-06-27 06:11:04 -------- d-----w- C:\Program Files\HitmanPro

2013-06-24 18:52:55 -------- d-----w- C:\Program Files\Common Files\Adobe

2013-06-24 18:51:50 -------- d-----w- C:\Program Files\Adobe

======= C:\Program Files (x86) =====

2013-06-27 07:41:30 -------- d-----w- C:\Program Files (x86)\Trend Micro

======= C: =====

2013-06-27 07:52:43 8B7B9DFB995077D0D82528DF264EA03E 18820 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\Ellen\AppData\Roaming ======

2013-06-27 05:42:04 -------- d-----w- C:\users\Ellen\AppData\Local\Programs

2013-05-29 18:51:34 -------- d-----w- C:\users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-05-29 18:51:08 -------- d-----w- C:\users\Ellen\AppData\Roaming\Dropbox

====== C:\Users\Ellen ======

2013-06-27 07:51:54 4EF33D516F31BEB1C9847D1FDA69375C 648201 ----a-w- C:\Users\Ellen\Desktop\adwcleaner.exe

2013-06-27 07:00:35 C57324BDFE3063EDF7DFD1942242917E 21840856 ----a-w- C:\Users\Ellen\Downloads\Firefox Setup 22.0.exe

2013-06-27 06:11:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2013-06-27 06:08:52 B2E0F30FC400FA9E70C6DFF98420085D 9833328 ----a-w- C:\Users\Ellen\Downloads\HitmanPro_x64.exe

2013-06-27 06:08:44 -------- d-----w- C:\ProgramData\HitmanPro

2013-06-27 06:07:58 0011AC7B83C557D3273A1E093BD46F8E 9171472 ----a-w- C:\Users\Ellen\Downloads\HitmanPro.exe

2013-06-27 05:41:42 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nick\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-24 19:13:08 A5AFDF81FB7E6C9D898529A6CBC4B285 826229968 ----a-w- C:\Users\Ellen\Downloads\Lightroom_4_LS11_win_4_4.exe

2013-05-29 18:53:19 -------- d-----r- C:\Users\Ellen\Dropbox

====== C: exe-files ==

2013-06-27 07:51:54 4EF33D516F31BEB1C9847D1FDA69375C 648201 ----a-w- C:\Users\Ellen\Desktop\adwcleaner.exe

2013-06-27 07:00:35 C57324BDFE3063EDF7DFD1942242917E 21840856 ----a-w- C:\Users\Ellen\Downloads\Firefox Setup 22.0.exe

2013-06-27 06:20:04 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-06-27 06:11:05 1712747C844CC12EED8BC92FB0E56E4C 109352 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

2013-06-27 06:11:04 B2E0F30FC400FA9E70C6DFF98420085D 9833328 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

2013-06-27 06:08:52 B2E0F30FC400FA9E70C6DFF98420085D 9833328 ----a-w- C:\Users\Ellen\Downloads\HitmanPro_x64.exe

2013-06-27 06:07:58 0011AC7B83C557D3273A1E093BD46F8E 9171472 ----a-w- C:\Users\Ellen\Downloads\HitmanPro.exe

2013-06-27 05:55:58 D53D5A464755B876306507FA0580737B 399440 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_E22AE377E2374FD1.exe

2013-06-27 05:55:54 10B01048B1DA075CD1EE27E30B4CF342 308816 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_16A328A5A291F177.exe

2013-06-27 05:55:37 9227CD96860A2B54E7CF4C91B255C420 1070672 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_80ACC8E3971CD605.exe

2013-06-27 05:54:25 FF288AD39AFA4B198C744E47A2994DCB 530912 ----a-w- C:\Program Files (x86)\Google\Update\Install\{047A2996-16E5-4F09-AE46-765542D39830}\GoogleToolbarInstaller_updater_signed.exe

2013-06-27 05:54:25 FF288AD39AFA4B198C744E47A2994DCB 530912 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4209.2358\GoogleToolbarInstaller_updater_signed.exe

2013-06-27 05:41:42 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nick\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-26 16:10:40 ED9B02A4431ED15765652CF362F99501 915120 ----a-w- C:\Windows\Temp\avg_a05748\ProgFiles\AVG Secure Search\lip.exe

2013-06-26 16:10:40 EB57E661367E410BDD1F00D5BE69CCB5 1791152 ----a-w- C:\Windows\Temp\avg_a05748\ProgFiles\AVG Secure Search\Uninstall.exe

2013-06-26 16:10:40 D186EEC1E724DAD957CEC048A2B3F76E 639664 ----a-w- C:\Windows\Temp\avg_a05748\ProgFiles\AVG Secure Search\PostInstall.exe

2013-06-26 16:10:40 94071BD09B381F82E1ADBC72252167C5 147120 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\DriverInstaller_64.exe

2013-06-26 16:10:40 835C890A32822657B40DC9E4221FEC0E 572080 ----a-w- C:\Windows\Temp\avg_a05748\ConfigFiles\MachineIdCreator.exe

2013-06-26 16:10:40 61A9B11B263FA811474E5D8D96ECF96E 2236080 ----a-w- C:\Windows\Temp\avg_a05748\ProgFiles\AVG Secure Search\vprot.exe

2013-06-26 16:10:40 60260049219F2B353AA894892B8B3B32 2239664 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\ScriptHelper.exe

2013-06-26 16:10:40 40D1F5434F4C245B4D162A9001832C70 2170544 ----a-w- C:\Windows\Temp\avg_a05748\avg-secure-search-installer.exe

2013-06-26 16:10:40 3974107E7FDC345AC3D7FFBB7D8D5F6B 638128 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\DriverInstaller.exe

2013-06-26 16:10:40 254E8F9BA44E9F55416B0E51DBFF3C5F 1598128 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\ToolbarUpdater.exe

2013-06-26 16:09:55 3CF49C8FC8C9E2B14ACE4CA1D4CBE1AE 4520984 ----a-w- C:\Windows\Temp\{779D0F94-4DBC-46AC-8CE6-29C91B01A51D}.exe

2013-06-24 19:20:21 8953C14F326367F70C96A3DD3CD04EE0 412317608 ------w- C:\Users\Ellen\Desktop\Adobe\Photoshop Lightroom 4.4\Adobe Photoshop Lightroom 4\setup64.exe

2013-06-24 19:19:43 4024EBA2B17D379659379ED6002921A5 404679560 ----a-w- C:\Users\Ellen\Desktop\Adobe\Photoshop Lightroom 4.4\Adobe Photoshop Lightroom 4\setup32.exe

2013-06-24 19:19:43 3FB0C9C698391E5D578A62BD59EFACE2 147344 ----a-w- C:\Users\Ellen\Desktop\Adobe\Photoshop Lightroom 4.4\Install Lightroom 4.exe

2013-06-24 19:13:08 A5AFDF81FB7E6C9D898529A6CBC4B285 826229968 ----a-w- C:\Users\Ellen\Downloads\Lightroom_4_LS11_win_4_4.exe

2013-06-20 18:54:20 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

=== C: other files ==

2013-06-27 06:50:34 FC26F8841215642DA0CC98F66BC403CE 580368 ----a-w- C:\Users\Ellen\Desktop\Old Firefox Data\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi

2013-06-27 06:24:34 463B1DBF98A885254648F88EC3612161 13399154 ----a-w- C:\Users\Ellen\Downloads\mbar-1.06.0.1004.zip

2013-06-27 05:42:30 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-26 16:10:44 C6C470CD49FE9DBA0F082540D7AF7642 37664 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\avgtpx86.sys

2013-06-26 16:10:43 34E9A86B0EF71BA72B58D72215EBFABC 45856 ----a-w- C:\Windows\Temp\avg_a05748\CommonFiles\AVG Secure Search\avgtpx64.sys

2013-06-26 16:10:34 C094CB3E07BA42DD42D2E257511F3B7A 257165 ----a-w- C:\Windows\Temp\avg_a05748\ProgData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx

2013-06-26 16:10:29 264F8E1A89771B80D9F2985A68BAA8C3 178115 ----a-w- C:\Windows\Temp\avg_a05748\ProgFiles\AVG Secure Search\data.zip

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

96C406EC877EB23BB753E59B776C6BC7 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.10

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[04/12/2012 11:47]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

incfcgceegpikennjoplhfghaaikdgei - C:\Users\Ellen\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx[27/08/2012 21:14]

SiteAdvisor - Ellen - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

StartNow - Ellen - Default\Extensions\incfcgceegpikennjoplhfghaaikdgei

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Ellen - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

YouTube - Nick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Nick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

SiteAdvisor - Nick - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

Facemoods - Nick - Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Premiumplay Codec-C - Nick - Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Nick - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

Gmail - Nick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Google"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Reset Google Chrome ======================

C:\users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-889363557-2036165539-3501339599-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully

HKEY_USERS\S-1-5-21-889363557-2036165539-3501339599-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\Ellen\Desktop\Airport Simulator 2011.lnk - C:\Program Files (x86)\Airport Simulator 2011\airport.exe

C:\Users\Ellen\Desktop\BDSizer - Snelkoppeling.lnk - C:\Users\Ellen\Downloads\BDSizer.exe

C:\Users\Ellen\Desktop\DivX Movies.lnk - C:\Users\Ellen\Videos\DivX Movies

C:\Users\Ellen\Desktop\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Ellen\Desktop\HiJackThis.lnk - C:\Users\Ellen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Ellen\Desktop\IrfanView Thumbnails.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe /thumbs

C:\Users\Ellen\Desktop\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe

C:\Users\Ellen\Desktop\Music tools\Ashampoo Music Studio 3.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Music Studio 3\bin\MusicStudio3.exe

C:\Users\Ellen\Desktop\Music tools\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Users\Ellen\Desktop\Music tools\MixPad.lnk - C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe

C:\Users\Ellen\Desktop\Music tools\Music Converter.lnk - C:\Program Files (x86)\MusicConverter\AudioConverter.exe

C:\Users\Ellen\Desktop\Music tools\Switch Sound File Converter.lnk - C:\Program Files (x86)\NCH Software\Switch\switch.exe

C:\Users\Ellen\Desktop\Music tools\WavePad Sound Editor.lnk - C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe

C:\Users\Ellen\Desktop\Music tools\Xilisoft DVD Ripper Platinum 4.lnk - C:\Program Files (x86)\Xilisoft\DVD Ripper Platinum 4\dvdrip.exe

C:\Users\Ellen\Desktop\Music tools\Zulu DJ Software.lnk - C:\Program Files (x86)\NCH Software\Zulu\zulu.exe

C:\Users\Gast\Desktop\Free DVD MP3 Ripper.lnk - C:\Program Files (x86)\Free DVD MP3 Ripper\dvd_mp3_ripper.exe

C:\Users\Gast\Desktop\Xilisoft DVD Ripper Platinum 4.lnk - C:\Program Files (x86)\Xilisoft\DVD Ripper Platinum 4\dvdrip.exe

C:\Users\Nick\Desktop\Free DVD MP3 Ripper.lnk - C:\Program Files (x86)\Free DVD MP3 Ripper\dvd_mp3_ripper.exe

C:\Users\Nick\Desktop\Xilisoft DVD Ripper Platinum 4.lnk - C:\Program Files (x86)\Xilisoft\DVD Ripper Platinum 4\dvdrip.exe

C:\Users\UpdatusUser\Desktop\Free DVD MP3 Ripper.lnk - C:\Program Files (x86)\Free DVD MP3 Ripper\dvd_mp3_ripper.exe

C:\Users\UpdatusUser\Desktop\Xilisoft DVD Ripper Platinum 4.lnk - C:\Program Files (x86)\Xilisoft\DVD Ripper Platinum 4\dvdrip.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\Cities XL 2012.lnk - C:\Program Files (x86)\Focus Home Interactive\Cities XL 2012\CitiesXL_2012.exe LOCALIZATION/LANGUAGE=en

C:\Users\Public\Desktop\clear.fi Tutorial.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe "c:\Users\Public\Videos\clear.fi_tutorial.wmv" /fullscreen

C:\Users\Public\Desktop\clear.fi.lnk - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe

C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk - C:\Program Files (x86)\Corel\Corel VideoStudio Pro X4\vstudio.exe

C:\Users\Public\Desktop\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe

C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe SW_SHOWNORMAL

C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

C:\Users\Public\Desktop\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe

C:\Users\Public\Desktop\FileZilla Client.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

C:\Users\Public\Desktop\Fuji Fotoservice 2.7.lnk - C:\Program Files (x86)\Fuji Fotoservice\Fuji Fotoservice\Loader.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe

C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe

C:\Users\Public\Desktop\HTML-Kit.lnk - C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exe

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe Acer Online winkel - Welkom

C:\Users\Public\Desktop\Lightroom 4.1 64-bits.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exe

C:\Users\Public\Desktop\Luminance HDR.lnk - C:\Program Files\Luminance HDR\luminance-hdr.exe

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk - C:\Program Files (x86)\mcafee.com\agent\mcagent.exe /desktopicon

C:\Users\Public\Desktop\Microsoft Mouse.lnk - C:\Windows\Installer\{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}\Mouse.ico mouse cpl

C:\Users\Public\Desktop\Mobiel Internet Software.lnk - C:\Program Files (x86)\KPN\Mobiel Internet Software\Wilog.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Users\Public\Desktop\Norton Security Scan.lnk - C:\Program Files (x86)\Norton Security Scan\Engine\3.6.1.11\Nss.exe

C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\Public\Desktop\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe

C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktopoem /dp acerlt

C:\Users\Public\Desktop\ZoomBrowser EX.lnk - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Ellen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bits.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Verwijder HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security Suite.lnk - C:\Program Files (x86)\mcafee.com\agent\mcagent.exe /desktopicon

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobiel Internet Software.lnk - C:\Program Files (x86)\KPN\Mobiel Internet Software\Wilog.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628065641.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)

O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Dropbox.lnk = Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Ellen\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ellen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ellen\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Nick\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Nick\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Ellen\AppData\Local\Mozilla\Firefox\Profiles\hxmq9odt.default-1372315826583\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Nick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Ellen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 27/06/2013 at 12:09:49,06 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

C:\Users\Ellen\AppData\Roaming\StartNow Toolbar\CR\zcrx;f

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei;chr

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif;chr

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho;chr

!{5911488E-9D1E-40ec-8CBB-06B231CC153F};c

{95B7759C-8C7F-4BF1-B163-73684A933233};c

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message.


Next log file:

Zoek.exe Version 4.0.0.3 Updated 27-June-2013

Tool run by Ellen on do 27/06/2013 at 13:59:56,96.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Files \ Folders ======================

"C:\Users\Ellen\AppData\Roaming\StartNow Toolbar\CR\zcrx" not found

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[04/12/2012 11:47]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

incfcgceegpikennjoplhfghaaikdgei - C:\Users\Ellen\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx[27/08/2012 21:14]

SiteAdvisor - Ellen - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

StartNow - Ellen - Default\Extensions\incfcgceegpikennjoplhfghaaikdgei

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Ellen - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

YouTube - Nick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Nick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

SiteAdvisor - Nick - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

Facemoods - Nick - Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Premiumplay Codec-C - Nick - Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho

DivX Plus Web Player HTML5 \u003Cvideo\u003E - Nick - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

Gmail - Nick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== EOF on do 27/06/2013 at 14:02:43,02 ======================
