systeemcheck op virussen

Beste,

Het betreft de PC van mijn oma, maar zij heeft altijd ineens iets op haar PC gedownload en weet niet hoe dat kan . Ik ben bang dat er misschien een hoop troep op staat. Zouden jullie deze HJT-log willen bekijken?

Alvast bedankt.

Groetjes Yvonne

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:49:48, on 2-3-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

C:\Program Files (x86)\BackUpDutyLite\BackUpDutyLite.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe

C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHAF6A2I\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FileConverter 1.4 - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\KLAVERJASSEN\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\KLAVERJASSEN\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll

O3 - Toolbar: FileConverter 1.4 Toolbar - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll

O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files (x86)\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKLM\..\Run: [backupDutyLite] C:\Program Files (x86)\BackUpDutyLite\BackUpDutyLite.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [sWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe

O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

O4 - HKCU\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe

O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

O4 - HKCU\..\Run: [sDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll c:\progra~2\bcool\sprote~1.dll c:\progra~2\mocaflix\sprote~1.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Web Assistant - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17687 bytes

Hallo Yvontje82,

Ik zal je log bekijken.

Ik moet echter mijn advies eerst laten keuren door een gekwalificeerd helper, hierdoor kan het iets langer duren voordat ik je verder kan helpen.

Alvast bedankt voor je begrip.

Met vriendelijke groet,

Mako

Hoi,

1. Ga naar Start - Configuratiescherm - Programma's

Deïnstalleer onderstaande programma's, indien aanwezig:

• BingBar
  
• ClaroSearch
  
• SweetIM
  
• Ask Toolbar
  

2. Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll

O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

O20 - AppInit_DLLs: c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll c:\progra~2\bcool\sprote~1.dll c:\progra~2\mocaflix\sprote~1.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

3. Download AdwCleaner by Xplode naar je bureaublad.

Sluit alle openstaande vensters.

• Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  
• Voor XP: Gewoon dubbelklikken op AdwCleaner.
  
• Klik vervolgens op Verwijderen.
  
• Klik bij AdwCleaner – Informatie op OK
  
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK
  

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal. Nadat de PC opnieuw is opgestart, opent een logfile. Post de inhoud van dit log in je volgende bericht samen met een nieuw logje van HijackThis.

Hallo Yvonne,

Heb je al de tijd gevonden om bovenstaande uit te voeren...?

Aangezien er geen reactie meer komt op dit topic, trek ik de conclusie dat het opgelost is en sluit ik het. Dit wordt verplaatst naar de opgeloste Hijackthis-sectie. Mocht je het topic terug heropend willen hebben, kan je mij of één van de andere moderators een PB sturen.

Met vriendelijke groet,

Mako

PC Helpforum moderator bericht:

Topic heropend op vraag van TS

12 mei 2013 aangepast door Mako

Hallo Mako,

Hierbij de twee logjes van HJT en adwcleaner

# AdwCleaner v2.300 - Verslag gemaakt op 12/05/2013 om 16:54:35

# Geactualiseerd op 28/04/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Sjaan - SJAAN-HP

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Sjaan\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

Gestopt & Verwijdert : Web Assistant

***** [Files / Mappen] *****

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-

search.xml

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Verwijdert : C:\user.js

File Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\bProtector

Web Data

File Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default

\bprotectorpreferences

File Verwijdert : C:\Users\Sjaan\AppData\Local\Temp\Uninstall.exe

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\bprotector_extensions.sqlite

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\bprotector_prefs.js

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\Askcom.xml

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\askcomsearch.xml

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\funmoods.xml

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\Search_Results.xml

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\SweetIm.xml

File Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchplugins\WebSearch.xml

File Verwijdert : C:\Users\Sjaan\Desktop\Check for Updates.lnk

Map Verwijdert : C:\Program Files (x86)\~BabylonToolbar

Map Verwijdert : C:\Program Files (x86)\Advanced System Protector

Map Verwijdert : C:\Program Files (x86)\Ask.com

Map Verwijdert : C:\Program Files (x86)\Bcool

Map Verwijdert : C:\Program Files (x86)\Claro LTD

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\Program Files (x86)\DealPly

Map Verwijdert : C:\Program Files (x86)\FileConverter_1.4

Map Verwijdert : C:\Program Files (x86)\FilesFrog Update Checker

Map Verwijdert : C:\Program Files (x86)\MocaFlix

Map Verwijdert : C:\Program Files (x86)\Optimizer Pro

Map Verwijdert : C:\Program Files (x86)\PriceGong

Map Verwijdert : C:\Program Files (x86)\Searchqu Toolbar

Map Verwijdert : C:\Program Files (x86)\searchresults

Map Verwijdert : C:\Program Files (x86)\SweetIM

Map Verwijdert : C:\Program Files\Web Assistant

Map Verwijdert : C:\ProgramData\Ask

Map Verwijdert : C:\ProgramData\Babylon

Map Verwijdert : C:\ProgramData\Bcool

Map Verwijdert : C:\ProgramData\boost_interprocess

Map Verwijdert : C:\ProgramData\InstallMate

Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System

Protector

Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro

Map Verwijdert : C:\ProgramData\SweetIM

Map Verwijdert : C:\ProgramData\Trymedia

Map Verwijdert : C:\Users\Sjaan\AppData\Local\APN

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Conduit

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\bbjciahceamgodcoidkjpchnokgfpphh

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\cjpglkicenollcignonpgiafdgfeehoj

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\dcillohgikpecbmgioknapdpcjofaafl

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\dhkplhfnhceodhffomolpfigojocbpcb

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\djigmdmjlandfjinajloijapgkeomjle

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\gaiilaahiahdejapggenmdmafpmbipje

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\jcdgjdiieiljkfkdcloehkohchhpekkn

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions

\ogccgbmabaphcakpiclgcnmcnimhokcj

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Ilivid Player

Map Verwijdert : C:\Users\Sjaan\AppData\Local\Savings Sidekick

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\Claro LTD

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\FileConverter_1.4

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\PriceGong

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\searchquband

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\Searchqutoolbar

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\searchresults

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\searchresultstb

Map Verwijdert : C:\Users\Sjaan\AppData\LocalLow\SweetIM

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\AVG Secure Search

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Babylon

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\BabylonToolbar

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Claro

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\DealPly

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\iWin

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

\FilesFrog Update Checker

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\crossriderapp5060@crossrider.com

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\ffxtlbr@funmoods.com

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\extensions\staged

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\Searchqutoolbar

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\searchresults

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles

\dq4sr5bc.default\SweetPacksToolbarData

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\OpenCandy

Map Verwijdert : C:\Users\Sjaan\AppData\Roaming\Optimizer Pro

Map Verwijdert : C:\Users\Sjaan\Documents\Optimizer Pro

Map Verwijdert : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}

Map Verwijdert : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Map Verwijdert : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

Map Verwijdert : C:\Windows\SysWOW64\WNLT

Verwijdert bij het opstarten : C:\ProgramData\Premium

***** [Register] *****

Data Verwijdert : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr

\x64\datamngr.dll

Data Verwijdert : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr

\x64\IEBHO.dll

Sleutel Verwijdert : HKCU\Software\APN DTX

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Crossrider

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\FileConverter_1.4

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Savings Sidekick

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\searchqutoolbar

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\searchresults

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijdert : HKCU\Software\AppDataLow\Toolbar

Sleutel Verwijdert : HKCU\Software\BabylonToolbar

Sleutel Verwijdert : HKCU\Software\DataMngr

Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar

Sleutel Verwijdert : HKCU\Software\DealPly

Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions

\gaiilaahiahdejapggenmdmafpmbipje

Sleutel Verwijdert : HKCU\Software\IGearSettings

Sleutel Verwijdert : HKCU\Software\IM

Sleutel Verwijdert : HKCU\Software\ImInstaller

Sleutel Verwijdert : HKCU\Software\Microsoft\Babylon

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings

\{296AA17D-C89E-4242-A5A4-44BFE76914A2}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings

\{336D0C35-8A85-403A-B9D2-65C292C39087}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings

\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings

\{EEE6C35B-6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{296AA17D-

C89E-4242-A5A4-44BFE76914A2}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-

8A85-403A-B9D2-65C292C39087}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-

EED7-4BEB-B015-A0ADB30B5646}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-

6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-

4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Sleutel Verwijdert : HKCU\Software\Optimizer Pro

Sleutel Verwijdert : HKCU\Software\searchresults

Sleutel Verwijdert : HKCU\Software\Softonic

Sleutel Verwijdert : HKCU\Software\Somoto

Sleutel Verwijdert : HKCU\Software\WNLT

Sleutel Verwijdert : HKCU\Software\5a4dcddb239eb10

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-

C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-

C3D4-40B7-AC73-056A5EBA4A7E}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-

9C68-4BB3-B188-DD9AF0FD2406}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-

DA91-43C2-B7E9-0E9AAFC675CD}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-

BC4C-4172-9AC4-73315F71CFFE}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-

135F-47C0-9269-B4C6572FD61A}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-

6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKLM\Software\Babylon

Sleutel Verwijdert : HKLM\Software\BabylonToolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\b

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\f

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Features

\9EE58E3C298524145B73CBBED3CAC4D3

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Features

\EB6AF8AEEB922FA4392548F13812E50B

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Features

\F092B960893592640A90584BCB4B1B9B

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Products

\9EE58E3C298524145B73CBBED3CAC4D3

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Products

\EB6AF8AEEB922FA4392548F13812E50B

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Products

\F092B960893592640A90584BCB4B1B9B

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3241951

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\DataMngr

Sleutel Verwijdert : HKLM\Software\DealPly

Sleutel Verwijdert : HKLM\Software\FileConverter_1.4

Sleutel Verwijdert : HKLM\Software\Funmoods

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved

\{988ABD7F-C363-4605-A81F-5751A690548E}

Sleutel Verwijdert : HKLM\Software\SP Global

Sleutel Verwijdert : HKLM\Software\SProtector

Sleutel Verwijdert : HKLM\Software\Web Assistant

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\5a4dcddb239eb10

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-

7EEBDC476884}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-

318C928DAC1B}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{296AA17D-C89E-4242-A5A4-

44BFE76914A2}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-

4F214A2EE0B1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-

6019A7EE0610}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-

2DDA4E29E39E}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-

DC866BE87DBC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{988ABD7F-C363-4605-A81F-

5751A690548E}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-

A0ADB30B5646}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-

715C042A2575}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-

C2DD4D5060A3}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-

4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-

001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-

001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-

A3AD54915515}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-

74D46A93D370}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-

8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-

AC68-955F3EF9F191}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-

9994-14AEE0EB72CC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-

AD2E-1389062074F1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-

B9C4-6603C1E912D1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-

914E-C72BAAE1B672}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-

96FA-C9FF38EF1762}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-

B393-F48B16E071D1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-

AA4F-9AA366921792}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-

98EC-4C9412B5FC3A}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-

B5E0-D145A8C982E1}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-

B707-3FB6A2C97BD9}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-

9B8A-EE158DCA83A8}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-

B757-CF0FAFC488ED}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-

B331-296B07493D2D}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-

A2A0-EF3B125DC29D}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-

B789-9921674C3993}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-

B227-F96A77DB773F}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-

A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-

9D8E-1EB037B5F1AB}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-

A9EB-7EE27FA65599}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-

8DD6-45AD1FE00047}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-

B584-FE61C0BB6037}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-

88DE-6C150C5D4036}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-

BA69-1B67E7AB3D68}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-

A398-CD6CB6B3D020}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-

A7FD-A9F7ED375CDD}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-

AE5B-BA8CAD5B7347}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-

80F7-CFB154BF55BD}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-

8C13-DF2C9899F82E}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-

9C0D-4A5163774997}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-

9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-

9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-

9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-

B8BE-F4BC34794136}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\dcillohgikpecbmgioknapdpcjofaafl

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\dhdepfaagokllfmhfbcfmocaeigmoebo

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\dhkplhfnhceodhffomolpfigojocbpcb

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\dlnembnfbcpjnepmfjmngjenhhajpdfd

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\gaiilaahiahdejapggenmdmafpmbipje

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\jcdgjdiieiljkfkdcloehkohchhpekkn

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\ogccgbmabaphcakpiclgcnmcnimhokcj

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions

\pgafcinpmmpklohkojmllohd****efph

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{6099D6D0-5803-4510-9DF9-27E6A03967E2}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{9C148CD3-042E-4E55-AE75-B2D59F2F3107}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes

\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes

\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes

\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes

\{EEE6C360-6118-11DC-9C72-001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer

\Browser Helper Objects\{296AA17D-C89E-4242-A5A4-44BFE76914A2}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\claro

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\FileConverter_1.4 Toolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\FilesFrog Update Checker

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\Searchqu Toolbar

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\searchresults

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\SP_8e4eb48d

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion

\Uninstall\WNLT

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-

733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-

955F3EF9F191}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-

07CD79ABFC9F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-

14AEE0EB72CC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-

1389062074F1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-

6603C1E912D1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-

2EFA320B0C54}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-

C72BAAE1B672}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-

C9FF38EF1762}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-

231BA74EA2F4}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-

F3FFE4961A38}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-

F48B16E071D1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-

3F6B6D96A12C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-

E0036470D6D5}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-

9AA366921792}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-

4C9412B5FC3A}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-

D145A8C982E1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-

3FB6A2C97BD9}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-

655CE4C416BD}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-

EE158DCA83A8}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-

CF0FAFC488ED}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-

7783533FE888}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-

296B07493D2D}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-

EF3B125DC29D}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-

9921674C3993}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-

F96A77DB773F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-

A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-

36CA4CE919D2}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-

1EB037B5F1AB}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-

72741595C2E8}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-

7EE27FA65599}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-

45AD1FE00047}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-

8A831CDB3A53}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-

FE61C0BB6037}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-

6C150C5D4036}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-

1B67E7AB3D68}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-

CD6CB6B3D020}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-

A9F7ED375CDD}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-

BA8CAD5B7347}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-

D9368133A478}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-

CFB154BF55BD}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-

FFC3C183F443}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-

DF2C9899F82E}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-

4A5163774997}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-

001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-

001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-

001320C79847}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-

F4BC34794136}

Sleutel Verwijdert : HKLM\SOFTWARE\DataMngr

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions

\bbjciahceamgodcoidkjpchnokgfpphh

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions

\cjpglkicenollcignonpgiafdgfeehoj

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions

\dlnembnfbcpjnepmfjmngjenhhajpdfd

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-

DE77-4029-AF96-B231E3B8F827}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-

9C68-4BB3-B188-DD9AF0FD2406}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-

A1CE-4FDD-B9E0-2C37D77AFB0B}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-

8A85-403a-B9D2-65C292C39087}_is1

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

\OptimizerPro

Sleutel Verwijdert : HKLM\SOFTWARE\Web Assistant

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes

[bProtectorDefaultScope]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

[{296AA17D-C89E-4242-A5A4-44BFE76914A2}]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

[{D4027C7F-154A-4066-A1AD-4243D8127440}]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

[{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

[{EEE6C35B-6118-11DC-9C72-001320C79847}]

Waarde Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

Waarde Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [sDP]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{296AA17D-

C89E-4242-A5A4-44BFE76914A2}]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program

Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program

Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-

65C292C39087}]

Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-

34FC0F9D1052}]

Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

[{296AA17D-C89E-4242-A5A4-44BFE76914A2}]

Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Vervangen : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] =

hxxp://websearch.just-browse.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (nl)

File : C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\prefs.js

C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\user.js ...

Verwijdert !

Verwijdert : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?

affID=114508&tt=4512_3&babsrc=NT_clro&[...]

Verwijdert : user_pref("browser.search.defaulturl", "hxxp://websearch.just-browse.info/?

l=1&q=");

Verwijdert : user_pref("browser.search.order.1", "WebSearch");

Verwijdert : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", true);

Verwijdert : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-

search.com/?affID=114508&tt=451[...]

Verwijdert : user_pref("extensions.claro.admin", false);

Verwijdert : user_pref("extensions.claro.aflt", "babsst");

Verwijdert : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-

69354F332062}");

Verwijdert : user_pref("extensions.claro.dfltLng", "en");

Verwijdert : user_pref("extensions.claro.excTlbr", false);

Verwijdert : user_pref("extensions.claro.id", "1224657a000000000000e0cb4efc326f");

Verwijdert : user_pref("extensions.claro.instlDay", "15656");

Verwijdert : user_pref("extensions.claro.instlRef", "sst");

Verwijdert : user_pref("extensions.claro.prdct", "claro");

Verwijdert : user_pref("extensions.claro.prtnrId", "claro");

Verwijdert : user_pref("extensions.claro.tlbrId", "claro");

Verwijdert : user_pref("extensions.claro.tlbrSrchUrl", "");

Verwijdert : user_pref("extensions.claro.vrsn", "1.8.3.10");

Verwijdert : user_pref("extensions.claro.vrsni", "1.8.3.10");

Verwijdert : user_pref("extensions.claro_i.smplGrp", "none");

Verwijdert : user_pref("extensions.claro_i.vrsnTs", "1.8.3.102:29:00");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage",

true);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1352683720);

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation",

false[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.active", true);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.addressbar", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n

\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030

0[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value",

"1352683720");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030

00[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration",

"Fri Feb 01 2030 00:00:00 [...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value",

"1352683720");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Mon Nov 12 2012

02:[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value",

"%22nonexistantdomain.com[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Mon Nov 19

2012 [...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22NL%22");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration",

"Fri Feb 01 2030 00:00:00 [...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value",

"1352684375");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb

01 [...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01

2[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B

%22source_id%2[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01

2030[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2245990%22");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030

0[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value",

"1352684377375");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030

00[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value",

"%221265%22");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration",

"Fri Feb 01 2030 00:00:[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value",

"%22105369%22");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri

Feb 01 2030 00:00:00 GM[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value",

"1352684319031");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.description", "Savings

Sidekick");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.domain", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.group", 0);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.homepage", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.iframe", false);

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb

0[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B

%22installe[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01

20[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "37");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri

Feb [...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01

2030[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Mon Nov

12[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01

203[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01

20[...]

Verwijdert : user_pref

("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B

%22AnySoftware%[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!

=typeof _GPL_PLUGIN){var _GP[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.newtab", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.opensearch", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code",

"appAPI._cr_config={appID:funct[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name",

"base");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code",

"Array.prototype.indexOf|[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name",

"GPL Plugin (Loader)");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver",

7);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code",

"var _GPL_BG={vars:{},rul[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name",

"GPL Background (BG)");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver",

4);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code",

"(function(a){a.selectedText=f[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name",

"CrossriderAppUtils");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if

(typeof(appAPI)===\"undefin[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name",

"CrossriderUtils");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code",

"(function(f){var u={};var e=M[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name",

"FacebookFFIE");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code",

"(function(f,{if(typeof(==[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name",

"FFAppAPIWrapper");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 3);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if

(typeof window!==\"undefine[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name",

"jQuery");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var

CrossriderDebugManager=(f[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name",

"debug");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code",

"(function(a){appAPI.queueMana[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name",

"resources");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var

CrossriderInitializerPlug[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name",

"initializer");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*!

jQuery v1.7.1 jquery.com |[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name",

"jquery_1_7_1");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code",

"(function(){appAPI.ready=func[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name",

"resources_background");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0",

"17,14,16,47,1000015");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1",

"17,14,13,16,15,4,1,21,22,100[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-

static.crossrider.com/plugin/a[...]

Verwijdert : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 15);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.thankyou", "");

Verwijdert : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);

Verwijdert : user_pref("extensions.crossriderapp5060.5060.ver", 37);

Verwijdert : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

Verwijdert : user_pref("extensions.crossriderapp5060.apps", "5060");

Verwijdert : user_pref("extensions.crossriderapp5060.bic",

"13af244abb91652d5418dc7a051b7ed1");

Verwijdert : user_pref("extensions.crossriderapp5060.cid", 5060);

Verwijdert : user_pref("extensions.crossriderapp5060.firstrun", false);

Verwijdert : user_pref("extensions.crossriderapp5060.hadappinstalled", true);

Verwijdert : user_pref("extensions.crossriderapp5060.installationdate", 1352684318);

Verwijdert : user_pref("extensions.crossriderapp5060.lastcheck", 22544739);

Verwijdert : user_pref("extensions.crossriderapp5060.lastcheckitem", 22544740);

Verwijdert : user_pref("extensions.crossriderapp5060.modetype", "production");

Verwijdert : user_pref("extensions.crossriderapp5060.reportInstall", true);

Verwijdert : user_pref("extensions.enabledAddons", "{EB9394A3-4AD6-4918-9537-

31A1FD8E8EDF}:2.0,{8A9386B4-E958-4c4[...]

Verwijdert : user_pref("extensions.funmoods.aflt", "download");

Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);

Verwijdert : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Verwijdert : user_pref("extensions.funmoods.cntry", "NL");

Verwijdert : user_pref("extensions.funmoods.cv", "cv5");

Verwijdert : user_pref("extensions.funmoods.dfltLng", "");

Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);

Verwijdert : user_pref("extensions.funmoods.dfltlng", "en");

Verwijdert : user_pref("extensions.funmoods.dfltsrch", true);

Verwijdert : user_pref("extensions.funmoods.dnsErr", true);

Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");

Verwijdert : user_pref("extensions.funmoods.excTlbr", false);

Verwijdert : user_pref("extensions.funmoods.hdrMd5", "A0AEFA9D40FA685F79D9B80D1FC89D7D");

Verwijdert : user_pref("extensions.funmoods.hmpg", true);

Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?

f=1&a=download&chnl=download&cd[...]

Verwijdert : user_pref("extensions.funmoods.hrdid", "E0CB4EFC326F657A");

Verwijdert : user_pref("extensions.funmoods.id", "E0CB4EFC326F657A");

Verwijdert : user_pref("extensions.funmoods.instlDay", "15654");

Verwijdert : user_pref("extensions.funmoods.instlRef", "download");

Verwijdert : user_pref("extensions.funmoods.instlday", "15654");

Verwijdert : user_pref("extensions.funmoods.instlref", "download");

Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);

Verwijdert : user_pref("extensions.funmoods.keywordurl", "");

Verwijdert : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:29:26");

Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Verwijdert : user_pref("extensions.funmoods.newTab", true);

Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?

f=2&a=download&chnl=download&[...]

Verwijdert : user_pref("extensions.funmoods.newtab", true);

Verwijdert : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?

f=2&a=download&chnl=download&[...]

Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");

Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");

Verwijdert : user_pref("extensions.funmoods.prtnrid", "funmoods");

Verwijdert : user_pref("extensions.funmoods.savedVrsnTs", "1");

Verwijdert : user_pref("extensions.funmoods.sg", "none");

Verwijdert : user_pref("extensions.funmoods.smplGrp", "none");

Verwijdert : user_pref("extensions.funmoods.smplgrp", "none");

Verwijdert : user_pref("extensions.funmoods.srch", "");

Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Search");

Verwijdert : user_pref("extensions.funmoods.srchprvdr", "Search");

Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");

Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?

f=3&a=download&chnl=downloa[...]

Verwijdert : user_pref("extensions.funmoods.tlbrid", "base");

Verwijdert : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?

f=3&a=download&chnl=downloa[...]

Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Verwijdert : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:29:26");

Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Verwijdert : user_pref("extensions.funmoods.vrsnts", "1.5.23.2217:29:26");

Verwijdert : user_pref("extensions.funmoods_i.newTab", true);

Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");

Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:29:26");

Verwijdert : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={0A4DDFB0-D217-

4C59-B7ED-F682E5834F5F}&m[...]

Verwijdert : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Verwijdert : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

Verwijdert : user_pref("sweetim.toolbar.Visibility.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Verwijdert : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.handler",

"chrome://sim_toolbar_package/content/optionsdialog-h[...]

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.url",

"hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]

Verwijdert : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.handler",

"chrome://sim_toolbar_package/content/exampledialog-h[...]

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.url",

"chrome://sim_toolbar_package/content/exampledialog.html"[...]

Verwijdert : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.handler",

"chrome://sim_toolbar_package/content/cdadialog-handl[...]

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.url",

"hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Verwijdert : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Verwijdert : user_pref("sweetim.toolbar.highlight.colors",

"#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Verwijdert : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Verwijdert : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Verwijdert : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Verwijdert : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Verwijdert : user_pref("sweetim.toolbar.mode.debug", "false");

Verwijdert : user_pref("sweetim.toolbar.newtab.created", "false");

Verwijdert : user_pref("sweetim.toolbar.newtab.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine",

"Ask.com");

Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage",

"hxxp://www.searchnu.com/406");

Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL",

"hxxp://search.sweetim.com/search.asp?barid={88CBA[...]

Verwijdert : user_pref("sweetim.toolbar.rc.url",

"hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]

Verwijdert : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|

apps.)?facebook\\.com.*");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.enable", "true");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Verwijdert : user_pref("sweetim.toolbar.scripts.0.url",

"hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|

apps.)?facebook\\.com.*");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Verwijdert : user_pref("sweetim.toolbar.scripts.1.url",

"hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.callback", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.domain-blacklist",

".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]

Verwijdert : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.elementid",

"id_predict_include_script");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Verwijdert : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-

apps.com/scripts/shared/enable.js?[...]

Verwijdert : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?

><TOOLBAR><EXTERNAL_SEARCH engin[...]

Verwijdert : user_pref("sweetim.toolbar.search.history.capacity", "10");

Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", "false");

Verwijdert : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Verwijdert : user_pref("sweetim.toolbar.simapp_id", "{88CBAC4C-05B1-47EF-AF7E-

73B0A309D849}");

Verwijdert : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?

crg=3.32010003&st=12&barid={88C[...]

Verwijdert : user_pref("sweetim.toolbar.version", "1.7.0.3");

Verwijdert : user_pref("browser.search.order.1,S", "WebSearch");

Verwijdert : user_pref("browser.search.selectedEngine,S", "WebSearch");

Verwijdert : user_pref("browser.search.defaultengine", "Ask.com Search");

Verwijdert : user_pref("browser.search.defaultenginename,S", "WebSearch");

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijdert [l.1] : urls_to_restore_on_startup ={"browser":

{"check_default_browser":false,"clear_lso_data_enabled":true,"last_known_google_url":"htt

[...]

*************************

AdwCleaner[s1].txt - [59886 octets] - [12/05/2013 16:54:35]

########## EOF - C:\AdwCleaner[s1].txt - [59947 octets] ##########

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 15:51:35, on 12-5-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

FIREFOX: 15.0.1 (nl)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe

C:\Program Files (x86)\BackUpDutyLite\BackUpDutyLite.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe

C:\Windows\SysWOW64\jmdp\stij.exe

C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FileConverter 1.4 - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\KLAVERJASSEN\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\KLAVERJASSEN\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: FileConverter 1.4 Toolbar - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [backupDutyLite] C:\Program Files (x86)\BackUpDutyLite\BackUpDutyLite.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [sWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe

O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

O4 - HKCU\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe

O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

O4 - HKCU\..\Run: [sDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

O4 - HKCU\..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe

O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Web Assistant - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14848 bytes

Hoi,

1. Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd, (indien nog aanwezig):
   O2 - BHO: FileConverter 1.4 - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll
   O3 - Toolbar: FileConverter 1.4 Toolbar - {296aa17d-c89e-4242-a5a4-44bfe76914a2} - C:\Program Files (x86)\FileConverter_1.4\prxtbFile.dll
   O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
   Klik op 'Fix checked' om de items te verwijderen.
   Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.
   
2. Download zoek.exe naar het bureaublad.
   
   • 
     
   • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
     (hier of hier) kan je lezen hoe je dat doet.
     
   • Dubbelklik op Zoek.exe om de tool te starten.
     
   • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
     
   • Kopieer nu onderstaande code en plak die in het grote invulvenster:
     
   • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
     

 
startupall; 
filesrcm; 
C:\Windows\SysWOW64\jmdp;fs
Web Assistant;s
{296aa17d-c89e-4242-a5a4-44bfe76914a2};c
autoclean;
process;

• 
  
• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
  • 
    
  • System Restore Point
    

  [*] Klik daarna op de knop "Run script".

  [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Groet,

Mako

Hoi Mako,

Hetgeet je had aangegven dat ik met HJT moest verwijderen bleek er al niet meer op te staan. Mogelijk dat dit als was verwijderd met AdwCleaner of met de MBAM die ik stiekem ook al had laten draaien (BTW, 36 infecties!!!).

Hieronder het zoek.logje en daaronder ook maar even het MBAM-logje gepost.

Ik zag dat je in het zoek.exe script een web assistant hebt opgezocht, maar als ik zelf nog in programfiles kijk dan zie ik deze nog staan: C:\Program Files\~Web Assistant. Wel een andere lokatie, maar moet deze er misschien ook af?

Maar hopelijk hebben we nu alles er af wat er af moet.

Groetjes Yvonne

Zoek.exe Version 4.0.0.2 Updated 12-May-2013

Tool run by Sjaan on zo 12-05-2013 at 22:20:40,34.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

12-5-2013 22:21:42 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C7EB3AC1-0EA2-46D2-9E79-82BF3E091EB8} deleted successfully

HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D986DB53-4C8F-4F20-866C-52845BDBBF5A} deleted successfully

HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F6D373CC-8197-4D63-A1E3-6E4C4A0DF242} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Online Games Manager\ogmservice.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Sjaan\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default

user.js not found

---- Lines ask.com removed from prefs.js ----

---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtime\":1349480841784},\"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1352571491745},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\13.2.0.5\",\"mtime\":1352409557409}}},{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1352461629996},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1352461663753}}},{\"name\":\"app-profile\",\"addons\":{\"crossriderapp5060@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\crossriderapp5060@crossrider.com\",\"mtime\":1352683726415},\"ffxtlbr@funmoods.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\ffxtlbr@funmoods.com\",\"mtime\":1352564980418},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1352682728098},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1351694402766},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1349480762864},\"{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\",\"mtime\":1349480819851},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1352564980442},\"{fa63398e-322b-4833-9af3-15837ad12138}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{fa63398e-322b-4833-9af3-15837ad12138}\",\"mtime\":1351897388490}}}]");

---- Lines funmoods removed from prefs.js ----

---- Lines funmoods modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtime\":1349480841784},\"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1352571491745},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\13.2.0.5\",\"mtime\":1352409557409}}},{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1352461629996},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1352461663753}}},{\"name\":\"app-profile\",\"addons\":{\"crossriderapp5060@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\crossriderapp5060@crossrider.com\",\"mtime\":1352683726415},\"ffxtlbr@funmoods.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\ffxtlbr@funmoods.com\",\"mtime\":1352564980418},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1352682728098},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1351694402766},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1349480762864},\"{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\",\"mtime\":1349480819851},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1352564980442},\"{fa63398e-322b-4833-9af3-15837ad12138}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{fa63398e-322b-4833-9af3-15837ad12138}\",\"mtime\":1351897388490}}}]");

---- Lines crossrider removed from prefs.js ----

user_pref("extensions.crossrider.bic", "13af244abb91652d5418dc7a051b7ed1");

---- Lines crossrider modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtime\":1349480841784},\"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1352571491745},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\13.2.0.5\",\"mtime\":1352409557409}}},{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1352461629996},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1352461663753}}},{\"name\":\"app-profile\",\"addons\":{\"crossriderapp5060@crossrider.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\crossriderapp5060@crossrider.com\",\"mtime\":1352683726415},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1352564980418},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1352682728098},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1351694402766},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1349480762864},\"{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\",\"mtime\":1349480819851},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1352564980442},\"{fa63398e-322b-4833-9af3-15837ad12138}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{fa63398e-322b-4833-9af3-15837ad12138}\",\"mtime\":1351897388490}}}]");

---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----

---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtime\":1349480841784},\"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1352571491745},\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\13.2.0.5\",\"mtime\":1352409557409}}},{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1352461629996},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1352461663753}}},{\"name\":\"app-profile\",\"addons\":{\"disabledapp5060@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\disabledapp5060@disabled.com\",\"mtime\":1352683726415},\"ffxtlbr@disabled.com\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\ffxtlbr@disabled.com\",\"mtime\":1352564980418},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1352682728098},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1351694402766},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1349480762864},\"{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\",\"mtime\":1349480819851},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1352564980442},\"{fa63398e-322b-4833-9af3-15837ad12138}\":{\"descriptor\":\"C:\\\\Users\\\\Sjaan\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dq4sr5bc.default\\\\extensions\\\\{fa63398e-322b-4833-9af3-15837ad12138}\",\"mtime\":1351897388490}}}]");

---- FireFox user.js and prefs.js backups ----

prefs_12-05-2013_2225_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\System32\roboot64.exe deleted successfully

C:\Windows\System32\dmwu.exe deleted successfully

C:\Windows\System32\sasnative64.exe deleted successfully

==== Deleting Files \ Folders ======================

"C:\Windows\SysNative\roboot64.exe" not found

"C:\Windows\SysNative\dmwu.exe" not found

"C:\Windows\SysNative\sasnative64.exe" not found

"C:\Windows\tasks\OptimizerProUpdaterTask{46B433EB-B140-4FA3-9C3B-386EA2CDF21A}.job" deleted

"C:\Windows\tasks\OptimizerProUpdaterTask{46B433EB-B140-4FA3-9C3B-386EA2CDF21A}.job" deleted

"C:\Users\Public\Desktop\Advanced System Protector.lnk" deleted

"C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe" deleted

"C:\Users\Sjaan\AppData\Roaming\hpqLog" deleted

"C:\Windows\SysWOW64\jmdp" deleted

"C:\Program Files (x86)\RegClean Pro" deleted

"C:\Users\Sjaan\AppData\Roaming\SpeedyPC Software" deleted

"C:\Users\Sjaan\AppData\Roaming\Systweak" deleted

"C:\ProgramData\~Browser Manager" deleted

"C:\ProgramData\Systweak" deleted

"C:\ProgramData\SpeedyPC Software" deleted

"C:\ProgramData\WoW Worldwide Software LTD" deleted

"C:\ProgramData\Premium" not deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro" deleted

"C:\Users\Sjaan\AppData\LocalLow\DataMngr" deleted

"C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted

"C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl" deleted

"C:\Windows\Syswow64\jmdp" deleted

"C:\Windows\Syswow64\ARFC" deleted

"C:\ProgramData\Premium\OptimizerPro" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-05-12 14:54:43 CD2E3C0F60906B0A6FD842E2C3297EC0 90 ----a-w- C:\Windows\DeleteOnReboot.bat

====== C:\Users\Sjaan\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-04-29 09:30:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\shoBEAD.tmp

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-05-12 14:56:49 5E12F7A5C53CEB652431C5487FEE5E9C 364840 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

====== C:\Windows\Sysnative\drivers =====

2013-05-12 13:54:33 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-05-02 13:23:35 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\Windows\Sysnative\drivers\revoflt.sys

2013-04-27 09:57:55 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\Sysnative\drivers\TsUsbGD.sys

2013-04-27 09:57:55 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys

2013-04-27 09:57:55 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys

2013-04-27 09:56:20 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-04-27 09:56:20 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-04-25 13:24:17 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-05-12 13:50:39 -------- d-----w- C:\Program Files\HJT

2013-05-02 13:23:29 -------- d-----w- C:\Program Files\VS Revo Group

======= C:\Program Files (x86) =====

2013-05-07 22:09:45 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR

2013-05-02 14:09:43 -------- d-----w- C:\Program Files (x86)\Driver Pro

======= C: =====

2013-05-12 14:54:35 BDE8DD01CB00A3E983BCABF7DE34C72F 59873 ----a-w- C:\AdwCleaner[s1].txt

2013-05-02 13:42:09 05DEEDF503184B3278D0BCB6336DDA45 344 ----a-w- C:\UserChoice.reg

====== C:\Users\Sjaan\AppData\Roaming ======

2013-05-12 14:43:13 3C4CB2713453D69D8F5D07ED39DB9424 87856 ----a-w- C:\users\Sjaan\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-02 14:09:44 -------- d-----w- C:\users\Sjaan\AppData\Roaming\Driver Pro

2013-05-02 13:24:10 -------- d-----w- C:\users\Sjaan\AppData\Local\VS Revo Group

2013-04-24 12:47:49 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\users\Sjaan\AppData\Local\resmon.resmoncfg

2013-04-24 11:05:58 -------- d-----w- C:\users\Sjaan\AppData\Local\Diagnostics

2013-04-23 22:42:38 -------- d-----w- C:\users\Sjaan\AppData\Local\MFAData

2013-04-23 22:42:38 -------- d-----w- C:\users\Sjaan\AppData\Local\Avg2013

====== C:\Users\Sjaan ======

2013-05-02 14:09:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro

2013-05-02 13:23:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

====== C: exe-files ==

2013-05-12 20:14:13 342C2CEA814C01BBF4CCFC4151C775C0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IQGWFTH.exe

2013-05-12 20:14:13 2DDEA8FFAA974FDDC41D8E78ADE3B5B0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IW55JCP.exe

2013-05-12 20:14:12 E948548C9A52D4925621420044ECF8DE 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IGDHC9T.exe

2013-05-12 20:14:12 D5AF924600A8DE6B529EEFEA49304A5C 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IZO3RXH.exe

2013-05-12 20:14:12 CD15943A5D7ABEF957E26DE7670552F8 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I7VVFEC.exe

2013-05-12 20:14:12 A99395172B3D4B1743137567DE01E75A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I3RRILC.exe

2013-05-12 20:14:12 A3CCB04D80AD10E2771A9EEF02802350 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I8ZXN4J.exe

2013-05-12 20:14:12 9932A6ED16425112DC1C26FE8D2D0C37 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$II7X9EK.exe

2013-05-12 20:14:12 84B0145E79422842BAC7A5C096C4B1B5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IWZA9BZ.exe

2013-05-12 20:14:12 7856D6497BD3C87044B4D1C0912E90C6 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I23LQGQ.exe

2013-05-12 20:14:12 72FF1089C1742B78C7474BBA4265A004 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$ICX2N1C.exe

2013-05-12 20:14:12 6521C0FA0927E17A3D5C1720224FFD28 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IZX30P5.exe

2013-05-12 20:14:12 632E15A207C8ED7C3207CFE121625D25 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$ITHS99M.exe

2013-05-12 20:14:12 589348FB33617B5A8243DFEB39338056 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I4CCDF6.exe

2013-05-12 20:14:12 53062DC19272DC2DD2520FE63FCCAB63 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IUO48LF.exe

2013-05-12 20:14:12 29272CCCD13F65B162D7290465C02347 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IRGW8BZ.exe

2013-05-12 20:14:12 0044BFC7C1050E84A8BB8D5375032865 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IMZ4346.exe

2013-05-12 20:14:11 DE8DA897CEA41A35FF6C84F095D710A2 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IOUY97A.exe

2013-05-12 20:14:11 C3FE432DB0EE837A83841A410DFAC432 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IZGYFRI.exe

2013-05-12 20:14:11 B72CF5C1458611575F2E6E798278BD2B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$ILBUU6W.exe

2013-05-12 20:14:11 8F5B85B1F3064031ABFE41D1239C538A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I0BCE34.exe

2013-05-12 20:14:11 8BD2D6A225055BF6D2A6ABB15B48F026 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IUUFIEP.exe

2013-05-12 20:14:11 6981B44CCB30B1B33A94F5B2D4E99BA6 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I5YS1U1.exe

2013-05-12 20:14:11 3A394C47C38DB5F96C3A2ABF2645EFFC 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IYM6X40.exe

2013-05-12 20:14:11 39D99720C65EC9F86D7499594D4C79D0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I34Y7V9.exe

2013-05-12 20:14:11 25B887D20AE11F67F3C1F9C0E076AA90 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IGWEZX6.exe

2013-05-12 20:14:11 1F6FB881D3CB80EA3336BFEE03E8A786 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I17RP2B.exe

2013-05-12 20:14:11 1F24273D4BDDC5078C13292F7C8551D0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I9B557V.exe

2013-05-12 20:14:11 0115E8582921D88C5BE1CE2E7E05EE86 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$I31VPTD.exe

2013-05-12 14:53:34 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Users\Sjaan\Desktop\adwcleaner.exe

2013-05-12 14:16:28 A050EC8A87990067294B81A84FA00B26 3291096 ----a-w- C:\Users\Sjaan\Desktop\sysrc_trial.exe

2013-05-12 00:55:26 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe

2013-05-12 00:55:26 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe

2013-05-12 00:55:25 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateSetup.exe

2013-05-12 00:55:20 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

2013-05-12 00:55:20 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdate.exe

2013-05-12 00:55:20 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

2013-05-12 00:55:17 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe

2013-05-07 22:09:29 F64ED2E0CF4F82F5F8CCEEBCD6B828FC 103272 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe

2013-05-07 22:09:29 3ECAC6384B793F4E73C71C822581EE63 54632 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe

2013-05-07 22:09:29 3ECAC6384B793F4E73C71C822581EE63 54632 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe

2013-05-07 22:09:29 2842F93E0B8EEE31CCC29C44BBE131B1 130408 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

2013-05-07 22:09:29 004E16C7DCA3FB38896478DDCC4F00F0 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe

=== C: other files ==

2013-05-12 14:54:43 CD2E3C0F60906B0A6FD842E2C3297EC0 90 ----a-w- C:\Windows\DeleteOnReboot.bat

2013-05-12 13:54:33 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-12 13:54:33 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\sysnative\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"DriverFinder"="C:\Program Files (x86)\DriverFinder\DriverFinder.exe"

"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Driver Pro"="C:\Program Files (x86)\Driver Pro\DPLauncher.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"

"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"

"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"

"CloneCDTray"="C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe /s"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

"InstaLAN"="C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe startup"

"Family Tree Builder Update"="C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe"

"CommonToolkitTray"="C:\Program Files (x86)\Fighters\Tray\FightersTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DriverFinder"="C:\Program Files (x86)\DriverFinder\DriverFinder.exe"

"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Driver Pro"="C:\Program Files (x86)\Driver Pro\DPLauncher.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"HP Software Update"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

"TkBellExe"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot"

==== Startup Folders ======================

2013-01-31 19:31:33 2048 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08-05-2013 00:18]

C:\Windows\tasks\DGChrome20410 Watcher.job --a------ C:\Program Files\Web Assistant\DGChrome.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-04-2012 16:04]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-04-2012 16:04]

C:\Windows\tasks\HPCeeScheduleForSjaan.job --a------ [undertermined Task]

C:\Windows\tasks\ParetoLogic Registration3.job --a------ C:\Windows\system32\rundll32GC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll []

C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job --a------ C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [28-03-2013 19:54]

C:\Windows\tasks\ParetoLogic Update Version3.job --a------ C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [28-03-2013 19:54]

C:\Windows\tasks\PC Health Advisor Defrag.job --a------ C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [05-02-2013 21:47]

C:\Windows\tasks\PC Health Advisor.job --a------ C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [05-02-2013 21:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default

- Search Results Toolbar - %ProfilePath%\extensions\{fa63398e-322b-4833-9af3-15837ad12138}

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default

C04FCB7EEBEB5097B30468828F20FB9E - C:\KLAVERJASSEN\bin\plugin2\npjp2.dll - Java Platform SE 7 U9

2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fgfdfcbeamjnjdejakdidpniblllnbpg - C:\Windows\SysWOW64\jmdp\pnte.crx[]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29-11-2012 21:35]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 13:14]

New Tab for Chrome - Sjaan - Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg

RealDownloader - Sjaan - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

Skype Click to Call - Sjaan - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{027BDF00-B507-47ED-8F01-B030A3AF4D5D} Google Url="{searchTerms - Google zoeken}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{557E85BA-8EAB-4F9E-95D0-548E3E150D4E} Startpagina Url="Startpagina Google zoeken"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="{searchTerms} - Bing"

{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="{searchTerms} - Yahoo!-Zoekresultaten"

{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="Zoekresultaten voor "{searchTerms" - Wikipedia}"

{D6537E2A-D561-4F6E-B3EB-F1C88558A962} NU.nl Url="http://www.nu.nl/zoeken/?q={searchTerms}&origin=nu_ie8"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Sjaan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Sjaan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\ProgramData\Premium" not found

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.05.12.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sjaan :: SJAAN-HP [administrator]

12-5-2013 15:55:22

mbam-log-2013-05-12 (15-55-22).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 214337

Verstreken tijd: 7 minuut/minuten, 32 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 9

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 7

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 19

C:\Users\Sjaan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\Local\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Savings Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Hallo,

Die HijackThis regels zullen inderdaad al verwijderd zijn door AdwCleaner.

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

 
C:\Windows\SysWOW64\shoBEAD.tmp;f
C:\UserChoice.reg;f
C:\Users\Sjaan\Desktop\sysrc_trial.exe;f
C:\Windows\SysWOW64\jmdp\pnte.crx;f
C:\Program Files\Web Assistant;fs
C:\Program Files\~Web Assistant;fs
C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000;fs 
uninstall-list; 

• 
  
• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
  • 
    
  • System Restore Point
    

  [*] Klik daarna op de knop "Run script".

  [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Hé Mako,

Nog niet alles eraf dus :'-(

Ik kan deze pas volgende week of de week daarop uitvoeren.

Groetjes Yvonne