start CreateRestorePoint: ShortcutWithArgument: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_298_CH&co=NL&userid=536a859c-a32e-b966-8361-6e0493b899a2&searchtype=sc&installDate=12/08/2014&barcodeid=128055&um=0 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] () GroupPolicy: Restrictie <==== AANDACHT CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT ProxyEnable: [.DEFAULT] => Proxy is ingeschakeld. ProxyServer: [.DEFAULT] => http=127.0.0.1:49727;https=127.0.0.1:49727 HKU\S-1-5-21-232980774-1606696947-1911411212-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA5hok9-ycnOOUVJ6A308FlAHj4o0uQjb2xkFx4jlJJZ9EW36cP_ksxGo1FuJ5EJw,,&q={searchTerms} HKU\S-1-5-21-232980774-1606696947-1911411212-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA1lTm2xzS1C4eOtqxwGTBko4c3or6h9nNXqrB9zjfQUZZTwfDf0Eker17_r5gd_Q,, SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA5hok9-ycnOOUVJ6A308FlAHj4o0uQjb2xkFx4jlJJZ9EW36cP_ksxGo1FuJ5EJw,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-232980774-1606696947-1911411212-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA5hok9-ycnOOUVJ6A308FlAHj4o0uQjb2xkFx4jlJJZ9EW36cP_ksxGo1FuJ5EJw,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-232980774-1606696947-1911411212-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA5hok9-ycnOOUVJ6A308FlAHj4o0uQjb2xkFx4jlJJZ9EW36cP_ksxGo1FuJ5EJw,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-232980774-1606696947-1911411212-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmPNQVEgaIidPexSlXJqrU0wKu7uS--qqrKS5Csnh9drWNkYpjREmrQodi7NxE9yi8wzlu_u4xanzBHMyafI99zbuqnA5hok9-ycnOOUVJ6A308FlAHj4o0uQjb2xkFx4jlJJZ9EW36cP_ksxGo1FuJ5EJw,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-232980774-1606696947-1911411212-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M061D126E-B6D8-4D61-86A3-B5505D8EC362&SearchSource=58&CUI=&UM=5&UP=SPF4DC5985-8ECF-4B75-A1B4-265D048D2344&q={searchTerms}&SSPV= BHO: Geen Naam -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Geen bestand BHO-x32: Geen Naam -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Geen bestand Toolbar: HKLM - Geen Naam - {ae07101b-46d4-4a98-af68-0333ea26e113} - Geen bestand Toolbar: HKLM-x32 - Geen Naam - {ae07101b-46d4-4a98-af68-0333ea26e113} - Geen bestand Toolbar: HKU\S-1-5-21-232980774-1606696947-1911411212-1001 -> Geen Naam - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - Geen bestand CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M061D126E-B6D8-4D61-86A3-B5505D8EC362&SearchSource=55&CUI=&UM=5&UP=SPF4DC5985-8ECF-4B75-A1B4-265D048D2344&SSPV= CHR HKLM-x32\...\Chrome\Extension: [kpepfkjapeclaafmhoelccknpfedainn] - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\mixidj.crx CHR HKLM-x32\...\Chrome\Extension: [boipimhfjpakfgckhbljjengakjhkcbp] - C:\Users\Eigenaar\AppData\Roaming\BabSolution\CR\mixiDj.crx RemoveProxy: Hosts: EmptyTemp: Reboot: end