Ga naar inhoud

search.conduit.com verwijderen


Aanbevolen berichten

  • Reacties 20
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:58:23, on 8/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [searchProtect] C:\Users\Paul\AppData\Roaming\SearchProtect\cltmng.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: FancyStart daemon.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O20 - AppInit_DLLs: c:\progra~2\saveas\sprote~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LlamaYA movil. OUC (LlamaYA movil. RunOuc) - Unknown owner - C:\Program Files (x86)\LlamaYA movil\UpdateDog\ouc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11972 bytes

Link naar reactie
Delen op andere sites

Ga naar Start - Alle programma's - Bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor “uitvoeren als administrator” om het opdrachtprompt te openen.

Tik in: sc stop CltMngSvc en druk op Enter.

Tik in: sc delete CltMngSvc en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

O4 - HKCU\..\Run: [searchProtect] C:\Users\Paul\AppData\Roaming\SearchProtect\cltmng.exe

O4 - Global Startup: FancyStart daemon.lnk = ?

O20 - AppInit_DLLs: c:\progra~2\saveas\sprote~1.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

Malwarebytes : Free anti-malware download

Databaseversie: v2012.12.11.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-LPT [administrator]

Realtime bescherming: Ingeschakeld

11/12/2012 23:33:41

mbam-log-2012-12-11 (23-33-41).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 210861

Verstreken tijd: 4 minuut/minuten, 49 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\Users\Paul\Downloads\installer_winzip(1).exe (PUP.BundleInstaller.BEN) -> Geen actie ondernomen.

C:\Users\Paul\Downloads\installer_winzip.exe (PUP.BundleInstaller.BEN) -> Geen actie ondernomen.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:58:40, on 9/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LlamaYA movil. OUC (LlamaYA movil. RunOuc) - Unknown owner - C:\Program Files (x86)\LlamaYA movil\UpdateDog\ouc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11178 bytes

Link naar reactie
Delen op andere sites

Bij Malwarebytes heb je niet gekozen om de aangeduide items te verwijderen. "Geen actie ondernomen" wijst alvast in die richting. Wil je dit nog eens herhalen en dan wél kiezen voor verwijderen.

Download AdwCleaner by Xplode naar je bureaublad.

A3qkP9RCEAAOZhQ.jpg

  • Sluit alle openstaande vensters.
  • Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Voor XP: Gewoon dubbelklikken op AdwCleaner.
  • Klik vervolgens op Verwijderen.
  • Klik bij AdwCleaner – Informatie op OK
  • Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal. Nadat de PC opnieuw is opgestart, opent een logfile. Post de inhoud van dit log in je volgende bericht.

Link naar reactie
Delen op andere sites

Heel erg bedankt om te helpen.logbestand antivirus volgt

# AdwCleaner v2.105 - Verslag gemaakt op 09/01/2013 om 11:36:29

# Geactualiseerd op 08/01/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Paul - PAUL-LPT

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Paul\Downloads\adwcleaner(3).exe

# Optie [Verwijderen]

***** [Diensten] *****

Gestopt & Verwijdert : CltMngSvc

***** [Files / Mappen] *****

File Verwijdert : C:\Users\Paul\AppData\Local\Temp\Uninstall.exe

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\Program Files (x86)\SaveAs

Map Verwijdert : C:\Program Files (x86)\SearchProtect

Map Verwijdert : C:\ProgramData\Ask

Map Verwijdert : C:\ProgramData\InstallMate

Map Verwijdert : C:\ProgramData\Partner

Map Verwijdert : C:\Users\Paul\AppData\Local\Conduit

Map Verwijdert : C:\Users\Paul\AppData\Local\SwvUpdater

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\PriceGong

Map Verwijdert : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\Smartbar

Map Verwijdert : C:\Users\Paul\AppData\Roaming\SearchProtect

Verwijdert bij het opstarten : C:\ProgramData\Premium

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijdert : HKCU\Software\Conduit

Sleutel Verwijdert : HKCU\Software\InstallCore

Sleutel Verwijdert : HKCU\Software\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\SearchProtect

Sleutel Verwijdert : HKLM\Software\SP Global

Sleutel Verwijdert : HKLM\Software\SProtector

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v17.0.1 (nl)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\prefs.js

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_city", "HERENTALS");

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_country", "BE");

Verwijdert : user_pref("CT2865317.1000234.TWC_locId", "BEXX0206");

Verwijdert : user_pref("CT2865317.1000234.TWC_location", "Herentals, Belgium");

Verwijdert : user_pref("CT2865317.1000234.TWC_region", "OT");

Verwijdert : user_pref("CT2865317.1000234.TWC_temp_dis", "C");

Verwijdert : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");

Verwijdert : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"7°C\",\"temperatu[...]

Verwijdert : user_pref("CT2865317.CBOpenMAMSettings.enc", "MA==");

Verwijdert : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT2865317.FirstTime", "true");

Verwijdert : user_pref("CT2865317.FirstTimeFF3", "true");

Verwijdert : user_pref("CT2865317.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.PairingKey.enc", "RThGN0I2MDFBRThGNEYwMTgyMEUzRjM0NTQyMUREOUVFRTMwQzY2Nw==");

Verwijdert : user_pref("CT2865317.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]

Verwijdert : user_pref("CT2865317.UserID", "UN58750992632368830");

Verwijdert : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.autoDisableScopes", -1);

Verwijdert : user_pref("CT2865317.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT2865317.cbcountry_001.enc", "QkU=");

Verwijdert : user_pref("CT2865317.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE4OjEzOjMxIEdNVCswMTAw");

Verwijdert : user_pref("CT2865317.defaultSearch", "true");

Verwijdert : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT2865317.enableAlerts", "always");

Verwijdert : user_pref("CT2865317.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT2865317.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT2865317.fixUrls", true);

Verwijdert : user_pref("CT2865317.installType", "xpe");

Verwijdert : user_pref("CT2865317.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT2865317.isNewTabEnabled", true);

Verwijdert : user_pref("CT2865317.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.keyword", true);

Verwijdert : user_pref("CT2865317.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT2865317.openThankYouPage", "true");

Verwijdert : user_pref("CT2865317.openUninstallPage", "false");

Verwijdert : user_pref("CT2865317.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT2865317.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");

Verwijdert : user_pref("CT2865317.search.searchAppId", "129363015615338104");

Verwijdert : user_pref("CT2865317.search.searchCount", "0");

Verwijdert : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357665210290");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTracking_lastUpdate", "1357665304474");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1357665209918");

Verwijdert : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357665211154");

Verwijdert : user_pref("CT2865317.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671411880");

Verwijdert : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357665210842");

Verwijdert : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1357665209120");

Verwijdert : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1357665208882");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357665211211");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1357672592175");

Verwijdert : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1357665209930");

Verwijdert : user_pref("CT2865317.settingsINI", true);

Verwijdert : user_pref("CT2865317.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT2865317.smartbar.CTID", "CT2865317");

Verwijdert : user_pref("CT2865317.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT2865317.smartbar.homepage", true);

Verwijdert : user_pref("CT2865317.smartbar.isHidden", true);

Verwijdert : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");

Verwijdert : user_pref("CT2865317.startPage", "userChanged");

Verwijdert : user_pref("CT2865317.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.uTTorrents.enc", "eyJidWlsZCI6Mjg3MDUsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjhFM0E4R[...]

Verwijdert : user_pref("CT2865317.url_history0001.enc", "aHR0cDovL2thdC5waC86OjpjbGlja2hhbmRsZXI6OjoxMzU3NjY1MzQz[...]

Verwijdert : user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("CT3272810.1000082.isDisplayHidden", "true");

Verwijdert : user_pref("CT3272810.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Verwijdert : user_pref("CT3272810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT3272810.FirstTime", "true");

Verwijdert : user_pref("CT3272810.FirstTimeFF3", "true");

Verwijdert : user_pref("CT3272810.InstallDate", "8/1/2013 19:43:18");

Verwijdert : user_pref("CT3272810.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]

Verwijdert : user_pref("CT3272810.UserID", "UN79361368422498797");

Verwijdert : user_pref("CT3272810.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.autoDisableScopes", -1);

Verwijdert : user_pref("CT3272810.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT3272810.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE5OjUwOjUwIEdNVCswMTAw");

Verwijdert : user_pref("CT3272810.defaultSearch", "true");

Verwijdert : user_pref("CT3272810.embeddedsData", "[{\"appId\":\"130004960265293823\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT3272810.enableAlerts", "always");

Verwijdert : user_pref("CT3272810.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT3272810.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT3272810.fixUrls", true);

Verwijdert : user_pref("CT3272810.hxxp___api16_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api21_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api28_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api6_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.installId", "9818");

Verwijdert : user_pref("CT3272810.installType", "conduitnsisintegration");

Verwijdert : user_pref("CT3272810.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT3272810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT3272810.isNewTabEnabled", true);

Verwijdert : user_pref("CT3272810.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT3272810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT3272810.keyword", true);

Verwijdert : user_pref("CT3272810.mam_CouponBuddy_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_PriceGong_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9z[...]

Verwijdert : user_pref("CT3272810.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Verwijdert : user_pref("CT3272810.mam_gk_first_time.enc", "MQ==");

Verwijdert : user_pref("CT3272810.mam_gk_lastLoginTime.enc", "MTM1NzY3MDY0ODIyNQ==");

Verwijdert : user_pref("CT3272810.mam_gk_settings.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoy[...]

Verwijdert : user_pref("CT3272810.mam_gk_userId.enc", "M2VhZGNlNTQtY2VmMS00M2ZkLWIwMjUtOGE2M2IzNjdhMTAx");

Verwijdert : user_pref("CT3272810.mam_gk_user_apps_selection.enc", "eyJQcmljZUdvbmciOnRydWUsIkNvdXBvbkJ1ZGR5Ijp0c[...]

Verwijdert : user_pref("CT3272810.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT3272810.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT3272810.openThankYouPage", "false");

Verwijdert : user_pref("CT3272810.openUninstallPage", "false");

Verwijdert : user_pref("CT3272810.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Verwijdert : user_pref("CT3272810.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT3272810.search.searchAppId", "130004960265293823");

Verwijdert : user_pref("CT3272810.search.searchCount", "0");

Verwijdert : user_pref("CT3272810.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT3272810.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357670644582");

Verwijdert : user_pref("CT3272810.serviceLayer_services_appsMetadata_lastUpdate", "1357670644238");

Verwijdert : user_pref("CT3272810.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357670646475");

Verwijdert : user_pref("CT3272810.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671360516");

Verwijdert : user_pref("CT3272810.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357670646269");

Verwijdert : user_pref("CT3272810.serviceLayer_services_searchAPI_lastUpdate", "1357670642618");

Verwijdert : user_pref("CT3272810.serviceLayer_services_serviceMap_lastUpdate", "1357670642243");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357670646515");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarSettings_lastUpdate", "1357670642546");

Verwijdert : user_pref("CT3272810.serviceLayer_services_translation_lastUpdate", "1357670644250");

Verwijdert : user_pref("CT3272810.serviceLayer_services_userApps_lastUpdate", "1357671068372");

Verwijdert : user_pref("CT3272810.settingsINI", true);

Verwijdert : user_pref("CT3272810.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT3272810.smartbar.CTID", "CT3272810");

Verwijdert : user_pref("CT3272810.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT3272810.smartbar.homepage", true);

Verwijdert : user_pref("CT3272810.smartbar.isHidden", true);

Verwijdert : user_pref("CT3272810.smartbar.toolbarName", "WhiteSmoke US New E1 ");

Verwijdert : user_pref("CT3272810.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT327281[...]

Verwijdert : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810[...]

Verwijdert : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]

Verwijdert : user_pref("Smartbar.keywordURLSelectedCTID", "CT3272810");

Verwijdert : user_pref("aol_toolbar.default.homepage.check", false);

Verwijdert : user_pref("aol_toolbar.default.search.check", false);

Verwijdert : user_pref("browser.search.order.1", "Ask.com");

Verwijdert : user_pref("browser.search.selectedEngine", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT3272810&Sea[...]

Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Verwijdert : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CU[...]

Verwijdert : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13[...]

Verwijdert : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Verwijdert : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Verwijdert : user_pref("smartbar.originalSearchAddressUrl", "");

Verwijdert : user_pref("smartbar.originalSearchEngine", false);

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R1].txt - [19324 octets] - [09/01/2013 11:33:49]

AdwCleaner[s2].txt - [19743 octets] - [09/01/2013 11:36:29]

########## EOF - C:\AdwCleaner[s2].txt - [19804 octets] ##########

# AdwCleaner v2.105 - Verslag gemaakt op 09/01/2013 om 11:36:29

# Geactualiseerd op 08/01/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Paul - PAUL-LPT

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Paul\Downloads\adwcleaner(3).exe

# Optie [Verwijderen]

***** [Diensten] *****

Gestopt & Verwijdert : CltMngSvc

***** [Files / Mappen] *****

File Verwijdert : C:\Users\Paul\AppData\Local\Temp\Uninstall.exe

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\Program Files (x86)\SaveAs

Map Verwijdert : C:\Program Files (x86)\SearchProtect

Map Verwijdert : C:\ProgramData\Ask

Map Verwijdert : C:\ProgramData\InstallMate

Map Verwijdert : C:\ProgramData\Partner

Map Verwijdert : C:\Users\Paul\AppData\Local\Conduit

Map Verwijdert : C:\Users\Paul\AppData\Local\SwvUpdater

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\PriceGong

Map Verwijdert : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\Smartbar

Map Verwijdert : C:\Users\Paul\AppData\Roaming\SearchProtect

Verwijdert bij het opstarten : C:\ProgramData\Premium

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijdert : HKCU\Software\Conduit

Sleutel Verwijdert : HKCU\Software\InstallCore

Sleutel Verwijdert : HKCU\Software\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\SearchProtect

Sleutel Verwijdert : HKLM\Software\SP Global

Sleutel Verwijdert : HKLM\Software\SProtector

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v17.0.1 (nl)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\prefs.js

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_city", "HERENTALS");

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_country", "BE");

Verwijdert : user_pref("CT2865317.1000234.TWC_locId", "BEXX0206");

Verwijdert : user_pref("CT2865317.1000234.TWC_location", "Herentals, Belgium");

Verwijdert : user_pref("CT2865317.1000234.TWC_region", "OT");

Verwijdert : user_pref("CT2865317.1000234.TWC_temp_dis", "C");

Verwijdert : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");

Verwijdert : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"7°C\",\"temperatu[...]

Verwijdert : user_pref("CT2865317.CBOpenMAMSettings.enc", "MA==");

Verwijdert : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT2865317.FirstTime", "true");

Verwijdert : user_pref("CT2865317.FirstTimeFF3", "true");

Verwijdert : user_pref("CT2865317.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.PairingKey.enc", "RThGN0I2MDFBRThGNEYwMTgyMEUzRjM0NTQyMUREOUVFRTMwQzY2Nw==");

Verwijdert : user_pref("CT2865317.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]

Verwijdert : user_pref("CT2865317.UserID", "UN58750992632368830");

Verwijdert : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.autoDisableScopes", -1);

Verwijdert : user_pref("CT2865317.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT2865317.cbcountry_001.enc", "QkU=");

Verwijdert : user_pref("CT2865317.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE4OjEzOjMxIEdNVCswMTAw");

Verwijdert : user_pref("CT2865317.defaultSearch", "true");

Verwijdert : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT2865317.enableAlerts", "always");

Verwijdert : user_pref("CT2865317.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT2865317.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT2865317.fixUrls", true);

Verwijdert : user_pref("CT2865317.installType", "xpe");

Verwijdert : user_pref("CT2865317.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT2865317.isNewTabEnabled", true);

Verwijdert : user_pref("CT2865317.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.keyword", true);

Verwijdert : user_pref("CT2865317.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT2865317.openThankYouPage", "true");

Verwijdert : user_pref("CT2865317.openUninstallPage", "false");

Verwijdert : user_pref("CT2865317.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT2865317.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");

Verwijdert : user_pref("CT2865317.search.searchAppId", "129363015615338104");

Verwijdert : user_pref("CT2865317.search.searchCount", "0");

Verwijdert : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357665210290");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTracking_lastUpdate", "1357665304474");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1357665209918");

Verwijdert : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357665211154");

Verwijdert : user_pref("CT2865317.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671411880");

Verwijdert : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357665210842");

Verwijdert : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1357665209120");

Verwijdert : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1357665208882");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357665211211");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1357672592175");

Verwijdert : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1357665209930");

Verwijdert : user_pref("CT2865317.settingsINI", true);

Verwijdert : user_pref("CT2865317.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT2865317.smartbar.CTID", "CT2865317");

Verwijdert : user_pref("CT2865317.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT2865317.smartbar.homepage", true);

Verwijdert : user_pref("CT2865317.smartbar.isHidden", true);

Verwijdert : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");

Verwijdert : user_pref("CT2865317.startPage", "userChanged");

Verwijdert : user_pref("CT2865317.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.uTTorrents.enc", "eyJidWlsZCI6Mjg3MDUsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjhFM0E4R[...]

Verwijdert : user_pref("CT2865317.url_history0001.enc", "aHR0cDovL2thdC5waC86OjpjbGlja2hhbmRsZXI6OjoxMzU3NjY1MzQz[...]

Verwijdert : user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("CT3272810.1000082.isDisplayHidden", "true");

Verwijdert : user_pref("CT3272810.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Verwijdert : user_pref("CT3272810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT3272810.FirstTime", "true");

Verwijdert : user_pref("CT3272810.FirstTimeFF3", "true");

Verwijdert : user_pref("CT3272810.InstallDate", "8/1/2013 19:43:18");

Verwijdert : user_pref("CT3272810.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]

Verwijdert : user_pref("CT3272810.UserID", "UN79361368422498797");

Verwijdert : user_pref("CT3272810.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.autoDisableScopes", -1);

Verwijdert : user_pref("CT3272810.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT3272810.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE5OjUwOjUwIEdNVCswMTAw");

Verwijdert : user_pref("CT3272810.defaultSearch", "true");

Verwijdert : user_pref("CT3272810.embeddedsData", "[{\"appId\":\"130004960265293823\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT3272810.enableAlerts", "always");

Verwijdert : user_pref("CT3272810.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT3272810.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT3272810.fixUrls", true);

Verwijdert : user_pref("CT3272810.hxxp___api16_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api21_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api28_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api6_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.installId", "9818");

Verwijdert : user_pref("CT3272810.installType", "conduitnsisintegration");

Verwijdert : user_pref("CT3272810.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT3272810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT3272810.isNewTabEnabled", true);

Verwijdert : user_pref("CT3272810.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT3272810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT3272810.keyword", true);

Verwijdert : user_pref("CT3272810.mam_CouponBuddy_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_PriceGong_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9z[...]

Verwijdert : user_pref("CT3272810.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Verwijdert : user_pref("CT3272810.mam_gk_first_time.enc", "MQ==");

Verwijdert : user_pref("CT3272810.mam_gk_lastLoginTime.enc", "MTM1NzY3MDY0ODIyNQ==");

Verwijdert : user_pref("CT3272810.mam_gk_settings.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoy[...]

Verwijdert : user_pref("CT3272810.mam_gk_userId.enc", "M2VhZGNlNTQtY2VmMS00M2ZkLWIwMjUtOGE2M2IzNjdhMTAx");

Verwijdert : user_pref("CT3272810.mam_gk_user_apps_selection.enc", "eyJQcmljZUdvbmciOnRydWUsIkNvdXBvbkJ1ZGR5Ijp0c[...]

Verwijdert : user_pref("CT3272810.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT3272810.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT3272810.openThankYouPage", "false");

Verwijdert : user_pref("CT3272810.openUninstallPage", "false");

Verwijdert : user_pref("CT3272810.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Verwijdert : user_pref("CT3272810.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT3272810.search.searchAppId", "130004960265293823");

Verwijdert : user_pref("CT3272810.search.searchCount", "0");

Verwijdert : user_pref("CT3272810.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT3272810.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357670644582");

Verwijdert : user_pref("CT3272810.serviceLayer_services_appsMetadata_lastUpdate", "1357670644238");

Verwijdert : user_pref("CT3272810.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357670646475");

Verwijdert : user_pref("CT3272810.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671360516");

Verwijdert : user_pref("CT3272810.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357670646269");

Verwijdert : user_pref("CT3272810.serviceLayer_services_searchAPI_lastUpdate", "1357670642618");

Verwijdert : user_pref("CT3272810.serviceLayer_services_serviceMap_lastUpdate", "1357670642243");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357670646515");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarSettings_lastUpdate", "1357670642546");

Verwijdert : user_pref("CT3272810.serviceLayer_services_translation_lastUpdate", "1357670644250");

Verwijdert : user_pref("CT3272810.serviceLayer_services_userApps_lastUpdate", "1357671068372");

Verwijdert : user_pref("CT3272810.settingsINI", true);

Verwijdert : user_pref("CT3272810.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT3272810.smartbar.CTID", "CT3272810");

Verwijdert : user_pref("CT3272810.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT3272810.smartbar.homepage", true);

Verwijdert : user_pref("CT3272810.smartbar.isHidden", true);

Verwijdert : user_pref("CT3272810.smartbar.toolbarName", "WhiteSmoke US New E1 ");

Verwijdert : user_pref("CT3272810.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT327281[...]

Verwijdert : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810[...]

Verwijdert : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]

Verwijdert : user_pref("Smartbar.keywordURLSelectedCTID", "CT3272810");

Verwijdert : user_pref("aol_toolbar.default.homepage.check", false);

Verwijdert : user_pref("aol_toolbar.default.search.check", false);

Verwijdert : user_pref("browser.search.order.1", "Ask.com");

Verwijdert : user_pref("browser.search.selectedEngine", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT3272810&Sea[...]

Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Verwijdert : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CU[...]

Verwijdert : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13[...]

Verwijdert : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Verwijdert : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Verwijdert : user_pref("smartbar.originalSearchAddressUrl", "");

Verwijdert : user_pref("smartbar.originalSearchEngine", false);

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R1].txt - [19324 octets] - [09/01/2013 11:33:49]

AdwCleaner[s2].txt - [19743 octets] - [09/01/2013 11:36:29]

########## EOF - C:\AdwCleaner[s2].txt - [19804 octets] ##########

# AdwCleaner v2.105 - Verslag gemaakt op 09/01/2013 om 11:36:29

# Geactualiseerd op 08/01/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Paul - PAUL-LPT

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Paul\Downloads\adwcleaner(3).exe

# Optie [Verwijderen]

***** [Diensten] *****

Gestopt & Verwijdert : CltMngSvc

***** [Files / Mappen] *****

File Verwijdert : C:\Users\Paul\AppData\Local\Temp\Uninstall.exe

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\Program Files (x86)\SaveAs

Map Verwijdert : C:\Program Files (x86)\SearchProtect

Map Verwijdert : C:\ProgramData\Ask

Map Verwijdert : C:\ProgramData\InstallMate

Map Verwijdert : C:\ProgramData\Partner

Map Verwijdert : C:\Users\Paul\AppData\Local\Conduit

Map Verwijdert : C:\Users\Paul\AppData\Local\SwvUpdater

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\Paul\AppData\LocalLow\PriceGong

Map Verwijdert : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\Smartbar

Map Verwijdert : C:\Users\Paul\AppData\Roaming\SearchProtect

Verwijdert bij het opstarten : C:\ProgramData\Premium

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijdert : HKCU\Software\Conduit

Sleutel Verwijdert : HKCU\Software\InstallCore

Sleutel Verwijdert : HKCU\Software\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\SearchProtect

Sleutel Verwijdert : HKLM\Software\SP Global

Sleutel Verwijdert : HKLM\Software\SProtector

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v17.0.1 (nl)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\prefs.js

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_city", "HERENTALS");

Verwijdert : user_pref("CT2865317.1000234.TWC_TMP_country", "BE");

Verwijdert : user_pref("CT2865317.1000234.TWC_locId", "BEXX0206");

Verwijdert : user_pref("CT2865317.1000234.TWC_location", "Herentals, Belgium");

Verwijdert : user_pref("CT2865317.1000234.TWC_region", "OT");

Verwijdert : user_pref("CT2865317.1000234.TWC_temp_dis", "C");

Verwijdert : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");

Verwijdert : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"7°C\",\"temperatu[...]

Verwijdert : user_pref("CT2865317.CBOpenMAMSettings.enc", "MA==");

Verwijdert : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT2865317.FirstTime", "true");

Verwijdert : user_pref("CT2865317.FirstTimeFF3", "true");

Verwijdert : user_pref("CT2865317.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.PairingKey.enc", "RThGN0I2MDFBRThGNEYwMTgyMEUzRjM0NTQyMUREOUVFRTMwQzY2Nw==");

Verwijdert : user_pref("CT2865317.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]

Verwijdert : user_pref("CT2865317.UserID", "UN58750992632368830");

Verwijdert : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.autoDisableScopes", -1);

Verwijdert : user_pref("CT2865317.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT2865317.cbcountry_001.enc", "QkU=");

Verwijdert : user_pref("CT2865317.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE4OjEzOjMxIEdNVCswMTAw");

Verwijdert : user_pref("CT2865317.defaultSearch", "true");

Verwijdert : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT2865317.enableAlerts", "always");

Verwijdert : user_pref("CT2865317.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT2865317.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT2865317.fixUrls", true);

Verwijdert : user_pref("CT2865317.installType", "xpe");

Verwijdert : user_pref("CT2865317.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT2865317.isNewTabEnabled", true);

Verwijdert : user_pref("CT2865317.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.keyword", true);

Verwijdert : user_pref("CT2865317.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT2865317.openThankYouPage", "true");

Verwijdert : user_pref("CT2865317.openUninstallPage", "false");

Verwijdert : user_pref("CT2865317.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT2865317.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");

Verwijdert : user_pref("CT2865317.search.searchAppId", "129363015615338104");

Verwijdert : user_pref("CT2865317.search.searchCount", "0");

Verwijdert : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT2865317.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357665210290");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appTracking_lastUpdate", "1357665304474");

Verwijdert : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1357665209918");

Verwijdert : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357665211154");

Verwijdert : user_pref("CT2865317.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671411880");

Verwijdert : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357665210842");

Verwijdert : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1357665209120");

Verwijdert : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1357665208882");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357665211211");

Verwijdert : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1357672592175");

Verwijdert : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1357665209930");

Verwijdert : user_pref("CT2865317.settingsINI", true);

Verwijdert : user_pref("CT2865317.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT2865317.smartbar.CTID", "CT2865317");

Verwijdert : user_pref("CT2865317.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT2865317.smartbar.homepage", true);

Verwijdert : user_pref("CT2865317.smartbar.isHidden", true);

Verwijdert : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");

Verwijdert : user_pref("CT2865317.startPage", "userChanged");

Verwijdert : user_pref("CT2865317.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT2865317.uTTorrents.enc", "eyJidWlsZCI6Mjg3MDUsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjhFM0E4R[...]

Verwijdert : user_pref("CT2865317.url_history0001.enc", "aHR0cDovL2thdC5waC86OjpjbGlja2hhbmRsZXI6OjoxMzU3NjY1MzQz[...]

Verwijdert : user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("CT3272810.1000082.isDisplayHidden", "true");

Verwijdert : user_pref("CT3272810.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Verwijdert : user_pref("CT3272810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Verwijdert : user_pref("CT3272810.FirstTime", "true");

Verwijdert : user_pref("CT3272810.FirstTimeFF3", "true");

Verwijdert : user_pref("CT3272810.InstallDate", "8/1/2013 19:43:18");

Verwijdert : user_pref("CT3272810.LoginRevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.RevertSettingsEnabled", true);

Verwijdert : user_pref("CT3272810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]

Verwijdert : user_pref("CT3272810.UserID", "UN79361368422498797");

Verwijdert : user_pref("CT3272810.addressBarTakeOverEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.autoDisableScopes", -1);

Verwijdert : user_pref("CT3272810.browser.search.defaultthis.engineName", true);

Verwijdert : user_pref("CT3272810.cbfirsttime.enc", "VHVlIEphbiAwOCAyMDEzIDE5OjUwOjUwIEdNVCswMTAw");

Verwijdert : user_pref("CT3272810.defaultSearch", "true");

Verwijdert : user_pref("CT3272810.embeddedsData", "[{\"appId\":\"130004960265293823\",\"apiPermissions\":{\"cross[...]

Verwijdert : user_pref("CT3272810.enableAlerts", "always");

Verwijdert : user_pref("CT3272810.enableSearchFromAddressBar", "true");

Verwijdert : user_pref("CT3272810.firstTimeDialogOpened", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundError", "true");

Verwijdert : user_pref("CT3272810.fixPageNotFoundErrorInHidden", "true");

Verwijdert : user_pref("CT3272810.fixUrls", true);

Verwijdert : user_pref("CT3272810.hxxp___api16_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api21_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api28_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.hxxp___api6_starwebnet_com.pid2.enc", "YTAyYjlhOWU3ZTMwMzg0Yg==");

Verwijdert : user_pref("CT3272810.installId", "9818");

Verwijdert : user_pref("CT3272810.installType", "conduitnsisintegration");

Verwijdert : user_pref("CT3272810.isCheckedStartAsHidden", true);

Verwijdert : user_pref("CT3272810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.isFirstTimeToolbarLoading", "false");

Verwijdert : user_pref("CT3272810.isNewTabEnabled", true);

Verwijdert : user_pref("CT3272810.isPerformedSmartBarTransition", "true");

Verwijdert : user_pref("CT3272810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Verwijdert : user_pref("CT3272810.keyword", true);

Verwijdert : user_pref("CT3272810.mam_CouponBuddy_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_PriceGong_appState.enc", "b24=");

Verwijdert : user_pref("CT3272810.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9z[...]

Verwijdert : user_pref("CT3272810.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Verwijdert : user_pref("CT3272810.mam_gk_first_time.enc", "MQ==");

Verwijdert : user_pref("CT3272810.mam_gk_lastLoginTime.enc", "MTM1NzY3MDY0ODIyNQ==");

Verwijdert : user_pref("CT3272810.mam_gk_settings.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoy[...]

Verwijdert : user_pref("CT3272810.mam_gk_userId.enc", "M2VhZGNlNTQtY2VmMS00M2ZkLWIwMjUtOGE2M2IzNjdhMTAx");

Verwijdert : user_pref("CT3272810.mam_gk_user_apps_selection.enc", "eyJQcmljZUdvbmciOnRydWUsIkNvdXBvbkJ1ZGR5Ijp0c[...]

Verwijdert : user_pref("CT3272810.migrateAppsAndComponents", true);

Verwijdert : user_pref("CT3272810.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Verwijdert : user_pref("CT3272810.openThankYouPage", "false");

Verwijdert : user_pref("CT3272810.openUninstallPage", "false");

Verwijdert : user_pref("CT3272810.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]

Verwijdert : user_pref("CT3272810.revertSettingsEnabled", "false");

Verwijdert : user_pref("CT3272810.search.searchAppId", "130004960265293823");

Verwijdert : user_pref("CT3272810.search.searchCount", "0");

Verwijdert : user_pref("CT3272810.searchInNewTabEnabledInHidden", "true");

Verwijdert : user_pref("CT3272810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Verwijdert : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Verwijdert : user_pref("CT3272810.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357670644582");

Verwijdert : user_pref("CT3272810.serviceLayer_services_appsMetadata_lastUpdate", "1357670644238");

Verwijdert : user_pref("CT3272810.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357670646475");

Verwijdert : user_pref("CT3272810.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357671360516");

Verwijdert : user_pref("CT3272810.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357670646269");

Verwijdert : user_pref("CT3272810.serviceLayer_services_searchAPI_lastUpdate", "1357670642618");

Verwijdert : user_pref("CT3272810.serviceLayer_services_serviceMap_lastUpdate", "1357670642243");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357670646515");

Verwijdert : user_pref("CT3272810.serviceLayer_services_toolbarSettings_lastUpdate", "1357670642546");

Verwijdert : user_pref("CT3272810.serviceLayer_services_translation_lastUpdate", "1357670644250");

Verwijdert : user_pref("CT3272810.serviceLayer_services_userApps_lastUpdate", "1357671068372");

Verwijdert : user_pref("CT3272810.settingsINI", true);

Verwijdert : user_pref("CT3272810.shouldFirstTimeDialog", "false");

Verwijdert : user_pref("CT3272810.smartbar.CTID", "CT3272810");

Verwijdert : user_pref("CT3272810.smartbar.Uninstall", "0");

Verwijdert : user_pref("CT3272810.smartbar.homepage", true);

Verwijdert : user_pref("CT3272810.smartbar.isHidden", true);

Verwijdert : user_pref("CT3272810.smartbar.toolbarName", "WhiteSmoke US New E1 ");

Verwijdert : user_pref("CT3272810.toolbarBornServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810.toolbarCurrentServerTime", "8-1-2013");

Verwijdert : user_pref("CT3272810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Verwijdert : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT327281[...]

Verwijdert : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810[...]

Verwijdert : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]

Verwijdert : user_pref("Smartbar.keywordURLSelectedCTID", "CT3272810");

Verwijdert : user_pref("aol_toolbar.default.homepage.check", false);

Verwijdert : user_pref("aol_toolbar.default.search.check", false);

Verwijdert : user_pref("browser.search.order.1", "Ask.com");

Verwijdert : user_pref("browser.search.selectedEngine", "WhiteSmoke US New E1 Customized Web Search");

Verwijdert : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT3272810&Sea[...]

Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Verwijdert : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CU[...]

Verwijdert : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13[...]

Verwijdert : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Verwijdert : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Verwijdert : user_pref("smartbar.originalSearchAddressUrl", "");

Verwijdert : user_pref("smartbar.originalSearchEngine", false);

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R1].txt - [19324 octets] - [09/01/2013 11:33:49]

AdwCleaner[s2].txt - [19743 octets] - [09/01/2013 11:36:29]

########## EOF - C:\AdwCleaner[s2].txt - [19804 octets] ##########

- - - Updated - - -

Het log bestand van het antivirus dat is het enige dat ik u kan toesturen ik kan ook geen resultaten zijn en het enige dat ik kan verwijderen is het logbestand.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Databaseversie: v2013.01.09.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-LPT [administrator]

Bescherming: Ingeschakeld

9/01/2013 11:57:34

mbam-log-2013-01-09 (11-57-34).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 215031

Verstreken tijd: 2 minuut/minuten, 19 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

mvg Paul

Link naar reactie
Delen op andere sites

AdwCleaner heeft een berg rotzooi van de PC gehaald en logje Malwarebytes ziet er nu goed uit.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites

Het logbestand

ComboFix 13-01-08.01 - Paul 09/01/2013 14:50:44.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2989.1764 [GMT 1:00]

Gestart vanuit: c:\users\Paul\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\windows\msvcr71.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-09 to 2013-01-09 ))))))))))))))))))))))))))))))

.

.

2013-01-09 13:55 . 2013-01-09 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-08 21:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF41AE59-81C4-46FA-BDBA-463C9A3A14A8}\mpengine.dll

2013-01-08 20:51 . 2013-01-08 20:51 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-01-08 20:51 . 2013-01-08 20:51 -------- d-----w- c:\program files (x86)\Trend Micro

2013-01-08 18:43 . 2013-01-08 18:43 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2013-01-08 18:42 . 2013-01-08 18:50 -------- d-----w- c:\program files (x86)\Optimizer Pro

2013-01-08 18:42 . 2013-01-08 18:43 -------- d-----w- c:\programdata\Premium

2013-01-08 18:25 . 2013-01-08 18:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2013-01-08 18:24 . 2013-01-08 18:24 -------- d-----w- c:\program files\Adobe

2013-01-08 18:22 . 2013-01-08 18:25 -------- d-----w- c:\program files\Common Files\Adobe

2013-01-08 18:21 . 2013-01-08 18:21 -------- d-----w- c:\program files (x86)\Adobe Media Player

2013-01-08 17:13 . 2013-01-08 17:13 -------- d-----w- c:\users\Paul\AppData\Local\CRE

2013-01-08 17:13 . 2013-01-08 17:13 -------- d-----w- c:\program files (x86)\uTorrent

2013-01-08 17:12 . 2013-01-09 13:52 -------- d-----w- c:\users\Paul\AppData\Roaming\uTorrent

2013-01-08 16:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-08 11:50 . 2013-01-08 11:50 -------- d-----w- c:\program files\Stellarium

2013-01-03 20:02 . 2013-01-03 20:03 -------- d-----w- c:\users\Paul\AppData\Roaming\HpUpdate

2013-01-03 20:02 . 2013-01-03 20:02 -------- d-----w- c:\windows\Hewlett-Packard

2013-01-02 09:20 . 2013-01-02 09:20 -------- d-----w- c:\users\Paul\AppData\Local\Google

2012-12-28 13:37 . 2012-12-28 13:37 -------- d-----w- c:\users\Paul\AppData\Local\Programs

2012-12-26 08:03 . 2012-12-26 16:50 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2012-12-25 22:40 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-25 22:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-25 22:40 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-25 22:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-25 16:49 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-25 16:49 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-25 16:48 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-25 16:48 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-25 16:45 . 2012-12-25 16:46 -------- d-----w- C:\24099cdff77651f2cd798f0041

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-20 22:24 . 2012-10-09 16:38 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-14 15:49 . 2012-10-09 13:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 19:05 . 2012-10-09 16:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 19:05 . 2012-10-09 16:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-10 12:08 . 2012-12-10 12:08 73216 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys

2012-12-10 12:08 . 2012-12-10 12:08 30720 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys

2012-12-10 12:08 . 2012-12-10 12:08 224768 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys

2012-12-10 12:08 . 2012-12-10 12:08 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys

2012-12-10 12:08 . 2012-12-10 12:08 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys

2012-12-10 12:08 . 2012-12-10 12:08 90112 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys

2012-12-10 12:08 . 2012-12-10 12:08 436224 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys

2012-12-10 12:08 . 2012-12-10 12:08 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-12-10 12:08 . 2012-12-10 12:08 225920 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-12-10 12:08 . 2012-12-10 12:08 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys

2012-12-10 12:08 . 2012-12-10 12:08 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-12-10 12:08 . 2012-12-10 12:08 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll

2012-12-10 12:08 . 2012-12-10 12:08 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys

2012-12-10 12:08 . 2012-12-10 12:08 104448 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys

2012-11-28 18:22 . 2012-11-28 18:22 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88DE1E05-0533-4730-B39E-A6BB90DD7F08}\gapaengine.dll

2012-11-21 10:21 . 2012-11-21 10:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-21 10:21 . 2012-11-21 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-21 10:21 . 2012-11-21 10:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-18 12:22 . 2012-10-20 13:13 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-10-16 08:38 . 2012-12-03 10:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-03 10:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-03 10:47 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-12 07:19 . 2012-10-18 12:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EE407C5-C5CB-4604-8360-2ABEB59356C3}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-08 969104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-30 2429]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 LlamaYA movil. RunOuc;LlamaYA movil. OUC;c:\program files (x86)\LlamaYA movil\UpdateDog\ouc.exe [2012-12-10 655712]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-12-10 117248]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-12-10 104448]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 QHY5II_A;QHY5II_A;c:\windows\system32\DRIVERS\QHY5II_A.sys [2012-08-08 24000]

R3 QHY5II_B;QHY5II_B;c:\windows\system32\DRIVERS\QHY5II_B.sys [2012-08-08 55232]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-10 1255736]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-12-10 90112]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 19:05]

.

2013-01-09 c:\windows\Tasks\OptimizerProUpdaterTask{3090683D-1EDB-41CF-B730-65A80BD4B2D0}.job

- c:\programdata\Premium\OptimizerPro\OptimizerPro.exe [2013-01-08 14:50]

.

2013-01-09 c:\windows\Tasks\SaveAsUpdaterTask{3DA8E909-D07A-4F1D-9BBB-FC719F927D86}.job

- c:\programdata\Premium\SaveAs\SaveAs.exe [2013-01-08 14:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\hc7khe8p.default\

FF - prefs.js: browser.search.defaulturl -

FF - ExtSQL: !HIDDEN! 2012-10-09 17:41; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-SP_156f8a5f - c:\program files (x86)\SaveAs\uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-01-09 14:57:01

ComboFix-quarantined-files.txt 2013-01-09 13:57

.

Pre-Run: 434.248.638.464 bytes beschikbaar

Post-Run: 435.724.361.728 bytes beschikbaar

.

- - End Of File - - C2D0301EC909DE97550D7CB6231DA1A6

mvg Paul

Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\programdata\WoW Worldwide Software LTD

c:\program files (x86)\Optimizer Pro

c:\programdata\Premium

DirLook::

C:\24099cdff77651f2cd798f0041

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in de rode snelkoppeling van ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.