wilco38

ja, ik kom nu op internet. Mijn computer is een stuk opgefrist, is ook weer sneller. Hartelijk bedankt voor de begeleiding. Het was mij een waar genoegen. vr. gr. wim verbaan

goede morgen Clarkie hierbij dan als bijlage de resultaten adw cleaner[ATTACH]37391[/ATTACH] vr. gr. wim verbaan AdwCleaner[S0].txt

[ATTACH]37362[/ATTACH] hierbij dan de zoek-results vr. gr. wim verbaan zoek-results.txt

Hallo Clarkie, Ik heb rsit in veilige modus gerund. hierbij als bijlage het resultaat. vr. gr. log.txt

Rsit 32 blijft geblokkeerd ondanks dat ik firewal en virusscanner heb uitgeschekeld. RSIT staat toch ook voor Hijack? Ik heb dat programma gedownload en geprobeerd uit te voeren. Wie schetst mijn verbazing nu blijkt dat ook dit programma zorgt dat de internetverbinding niet lukt. Ook het programma (ook als administrator) wordt niet uitgevoerd.

Mijn beveiligingssysteem (ziggo-F-secure) blokkeert RS32

Gebruik en Firefox en Chrome. Zelfde probleem bij beide browsers. Heb gedownload en geïnstalleerd AH fotoservice programma en ook Aldi fotosoftware programma. Als ik gebruik heb gemaakt van één van deze programma's en ik wil via een browser het internet op, dan lukt dat niet, noch bij firefox noch met chrome. De browser komt niet verder dan aangeven: verbinden. Ook kan ik mijn email niet meer ophalen. De computer moet weer worden opgestart en dan gaat alles weer normaal. Mijn beveiliging is via ziggo (f-secure); maar vlgs deskundigen bij ziggo ligt het niet aan de beveiliging. heeft u een suggestie?

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:17:30, on 11-1-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Codessentials\Yadis\Yadis.exe C:\Program Files\Rohos\agent.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Nuria\Nuria.exe C:\Program Files\Samsung\Kies\Kies.exe C:\Program Files\iPrint\iPrint.exe C:\Program Files\Ralink\Common\RaUI.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Translate Client\translateclient.exe C:\Users\Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Windows\system32\RunDll32.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\2.1.5\WombatBHO.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Yadis] c:\program files\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [Rohos] C:\Program Files\Rohos\agent.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skyDrive] "C:\Users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background O4 - HKCU\..\Run: [Toolwiz BSafe] "F:\Toolwiz BSafe\BSafe.exe" -autorun O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - Startup: Dropbox.lnk = Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5510 series.lnk = ? O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe O4 - Global Startup: iPrint.lnk = C:\Program Files\iPrint\iPrint.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Program Files\LastPass\context.html?cmd=fillforms O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Update Service (gupdate1c9861ddb57cde0) (gupdate1c9861ddb57cde0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 14231 bytes AMalwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free anti-malware download Databaseversie: v2013.01.11.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Wilco :: WILCO [administrator] 11-1-2013 15:53:13 mbam-log-2013-01-11 (15-53-13).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 234485 Verstreken tijd: 11 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 1 C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 2604 -> Zal worden verwijderd tijdens het herstarten. Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 2 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 11 C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Savings Sidekick-bg.exe (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Savings Sidekick.exe (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Savings Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Wilco\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Wilco\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Zal worden verwijderd tijdens het herstarten. (einde)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:11:39, on 11-1-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Codessentials\Yadis\Yadis.exe C:\Program Files\Rohos\agent.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Nuria\Nuria.exe C:\Program Files\Samsung\Kies\Kies.exe C:\Windows\System32\jmdp\stij.exe C:\Program Files\iPrint\iPrint.exe C:\Program Files\Ralink\Common\RaUI.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Translate Client\translateclient.exe C:\Users\Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Windows\system32\RunDll32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) R3 - URLSearchHook: FCToolbarURLSearchHook Class - {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\2.1.5\WombatBHO.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll O2 - BHO: FCTBPos00Pos - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll O3 - Toolbar: AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [Yadis] c:\program files\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [Rohos] C:\Program Files\Rohos\agent.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skyDrive] "C:\Users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background O4 - HKCU\..\Run: [Toolwiz BSafe] "F:\Toolwiz BSafe\BSafe.exe" -autorun O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - Startup: Dropbox.lnk = Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5510 series.lnk = ? O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe O4 - Global Startup: iPrint.lnk = C:\Program Files\iPrint\iPrint.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Program Files\LastPass\context.html?cmd=fillforms O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - http://download.sp.f-secure.com/hc/hetnet/PCHC_customization_HetNet/fscax.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\browse~1\22580~1.182\{d1538~1\brwmngr.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Update Service (gupdate1c9861ddb57cde0) (gupdate1c9861ddb57cde0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: vToolbarUpdater12.1.3 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 16716 bytes

Gisteren is mijn computer geinfecteerd. Ik gebruik de laatstse versie van firefox. Alks startpagina krijg ik steeds "http://mystart.incredibar.com/default.aspx". Deze startpagina is met mijn kennis niet te verwijderen. Aanpassing naar een andere startpagina via extra/opties lukt mij niet. Ook Spybot geeft geen resultaat. Wat kan ik doen?

# AdwCleaner v1.800 - Logfile created 08/01/2012 at 20:57:21 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Wilco - WILCO # Running from : C:\Users\Wilco\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Wilco\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\Wilco\AppData\Local\Conduit Folder Deleted : C:\Users\Wilco\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} Folder Deleted : C:\Users\Wilco\AppData\Local\OpenCandy Folder Deleted : C:\Users\Wilco\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Wilco\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\Wilco\AppData\LocalLow\bbrs_002.tb Folder Deleted : C:\Users\Wilco\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Wilco\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\Conduit Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ConduitCommon Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ConduitEngine Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\extensions\bbrs_002@blabbers.com Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Program Files\AVG Secure Search Folder Deleted : C:\Program Files\Conduit Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\searchplugins\Conduit.xml File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2860347 [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Search Settings Key Deleted : HKLM\SOFTWARE\Softonic.com.NL_FF Key Deleted : HKLM\SOFTWARE\uTorrentBar_NL Key Deleted : HKLM\SOFTWARE\WebShot\OpenCandy Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8BC0518-CD52-4C78-ADD3-A150867FA658} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D191F5-B870-4FD6-93AA-FF94FA095814} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{636E5F38-E406-49D3-8972-EDE6C26D8C91} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6F242D2-75EC-4C67-B359-E585A2F19364} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10D8B2EE-0954-4069-A12B-B1A5B66FAAD9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0C5A98B-3984-46FA-BF5B-670000B84BE6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8BC0518-CD52-4C78-ADD3-A150867FA658} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{636E5F38-E406-49D3-8972-EDE6C26D8C91} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48FB8510-61E8-4DFF-88FD-5FB277118ED9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9D191F5-B870-4FD6-93AA-FF94FA095814} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48FB8510-61E8-4DFF-88FD-5FB277118ED9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{48FB8510-61E8-4DFF-88FD-5FB277118ED9}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={CE363A22-D38C-4457-9E92-DFC17C8AD85A}&mid=d764d610c77447d0805dd15256e44867-b90dcfaa81cb16f4920114b5c86d3a9c40865e4a〈=nl&ds=od011&pr=sa&d=2012-07-19 08:47:50&v=12.1.0.20&sap=hp --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (en-GB) Profile name : default File : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\prefs.js C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\user.js ... Deleted ! Deleted : user_pref("CT1460988.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT1460988.CT1667811.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1668860.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1668889.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1669100.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1669115.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1670222.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1670245.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1729581.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1729585.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1729585.DialogsAlignMode", "LTR"); Deleted : user_pref("CT1460988.CT1729585.FeedLastCount128460900971181341", 226); Deleted : user_pref("CT1460988.CT1729585.GroupingInvalidateCache", false); Deleted : user_pref("CT1460988.CT1729585.GroupingLastCheckTime", "Tue Jan 19 2010 16:05:56 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.GroupingLastErrorCode", ""); Deleted : user_pref("CT1460988.CT1729585.GroupingLastResponse", true); Deleted : user_pref("CT1460988.CT1729585.GroupingLastServerUpdateTime", "129083020843070000"); Deleted : user_pref("CT1460988.CT1729585.InvalidateCache", false); Deleted : user_pref("CT1460988.CT1729585.LanguagePackLastCheckTime", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.Locale", "nl"); Deleted : user_pref("CT1460988.CT1729585.RadioLastCheckTime", "Tue Jan 19 2010 16:05:56 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.RadioLastUpdateIPServer", "4"); Deleted : user_pref("CT1460988.CT1729585.RadioLastUpdateServer", "4"); Deleted : user_pref("CT1460988.CT1729585.SearchEngine", "Zoek||hxxp://search.conduit.com/Results.aspx?q=UCM_SE[...] Deleted : user_pref("CT1460988.CT1729585.SearchInNewTabLastCheckTime", "Tue Jan 19 2010 16:03:16 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT1460988.CT1729585.SettingsLastCheckTime", "Tue Jan 19 2010 16:05:55 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.SettingsLastUpdate", "1263821284"); Deleted : user_pref("CT1460988.CT1729585.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:16:16 GMT+0100"); Deleted : user_pref("CT1460988.CT1729585.ThirdPartyComponentsLastUpdate", "1263484715"); Deleted : user_pref("CT1460988.CT1729585.components.128460851192119579", false); Deleted : user_pref("CT1460988.CT1729585.components.128460900971181341", false); Deleted : user_pref("CT1460988.CT1729585.components.128471966754825544", false); Deleted : user_pref("CT1460988.CT1729585.components.128551719552877929", false); Deleted : user_pref("CT1460988.CT1729585.components.128793523396200505", false); Deleted : user_pref("CT1460988.CT1729585.components.128809958847144598", false); Deleted : user_pref("CT1460988.CT1729585.components.128815983753575738", false); Deleted : user_pref("CT1460988.CT1729585.components.128816065480138193", false); Deleted : user_pref("CT1460988.CT1729585.components.128824677339131748", false); Deleted : user_pref("CT1460988.CT1729585.components.128921590430743976", false); Deleted : user_pref("CT1460988.CT1729585.components.128933358426907094", false); Deleted : user_pref("CT1460988.CT1729585.components.7946447417813871543", false); Deleted : user_pref("CT1460988.CT1729587.CommunityChanged", true); Deleted : user_pref("CT1460988.CT1729593.CommunityChanged", true); Deleted : user_pref("CT1460988.CT2164362.CommunityChanged", true); Deleted : user_pref("CT1460988.CTID", "CT1729585"); Deleted : user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Tue Jan 19 2010 16:07:52 GMT+0100"); Deleted : user_pref("CT1460988.CommunitiesStatus.CT1729585", 0); Deleted : user_pref("CT1460988.CommunityChanged", true); Deleted : user_pref("CT1460988.CurrentServerDate", "19-1-2010"); Deleted : user_pref("CT1460988.DialogsAlignMode", "LTR"); Deleted : user_pref("CT1460988.EMailNotifierPollDate", "Tue Jan 19 2010 16:03:18 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128460898315556274", "Tue Jan 19 2010 16:03:16 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128460899415556929", "Tue Jan 19 2010 16:03:16 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128460899564463182", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128460899661963361", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128460899768994715", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.FeedPollDate128479826070094154", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.FeedTTL128460898315556274", 5); Deleted : user_pref("CT1460988.FeedTTL128460899415556929", 20); Deleted : user_pref("CT1460988.FeedTTL128460899564463182", 30); Deleted : user_pref("CT1460988.FeedTTL128460899661963361", 15); Deleted : user_pref("CT1460988.FirstServerDate", "17-1-2010"); Deleted : user_pref("CT1460988.FirstTime", true); Deleted : user_pref("CT1460988.FirstTimeFF3", true); Deleted : user_pref("CT1460988.FixPageNotFoundErrors", true); Deleted : user_pref("CT1460988.GroupingLastCheckTime", "Tue Jan 19 2010 16:03:16 GMT+0100"); Deleted : user_pref("CT1460988.GroupingLastErrorCode", ""); Deleted : user_pref("CT1460988.GroupingLastResponse", true); Deleted : user_pref("CT1460988.GroupingLastServerUpdateTime", "129083928859130000"); Deleted : user_pref("CT1460988.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT1460988.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT1460988.Initialize", true); Deleted : user_pref("CT1460988.InitializeCommonPrefs", true); Deleted : user_pref("CT1460988.InstalledDate", "Sun Jan 17 2010 10:12:20 GMT+0100"); Deleted : user_pref("CT1460988.IsGrouping", true); Deleted : user_pref("CT1460988.IsMulticommunity", false); Deleted : user_pref("CT1460988.IsOpenThankYouPage", false); Deleted : user_pref("CT1460988.IsOpenUninstallPage", true); Deleted : user_pref("CT1460988.LanguagePackLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100"); Deleted : user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT1460988.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT1460988.LastLogin_2.5.4.6", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.LatestVersion", "2.1.0.18"); Deleted : user_pref("CT1460988.Locale", "en-us"); Deleted : user_pref("CT1460988.LoginCache", 4); Deleted : user_pref("CT1460988.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT1460988.MCDetectTooltipShow", false); Deleted : user_pref("CT1460988.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT1460988.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT1460988.RadioIsPodcast", false); Deleted : user_pref("CT1460988.RadioMediaID", "9962"); Deleted : user_pref("CT1460988.RadioMediaType", "Media Player"); Deleted : user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609889962"); Deleted : user_pref("CT1460988.RadioShrinked", "shrinked"); Deleted : user_pref("CT1460988.RadioStationName", "California%20Rock"); Deleted : user_pref("CT1460988.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT1460988.SHRINK_TOOLBAR", 0); Deleted : user_pref("CT1460988.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT1460988.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT146[...] Deleted : user_pref("CT1460988.SearchInNewTabEnabled", true); Deleted : user_pref("CT1460988.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT1460988.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...] Deleted : user_pref("CT1460988.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT1460988.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT1460988.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT1460988.SettingsLastCheckTime", "Sun Jan 17 2010 10:12:19 GMT+0100"); Deleted : user_pref("CT1460988.SettingsLastUpdate", "1263572606"); Deleted : user_pref("CT1460988.ThirdPartyComponentsInterval", 72); Deleted : user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:12:18 GMT+0100"); Deleted : user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1263572606"); Deleted : user_pref("CT1460988.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT1460988.UserID", "UN30811847687079275"); Deleted : user_pref("CT1460988.ValidationData_Search", 0); Deleted : user_pref("CT1460988.ValidationData_Toolbar", 2); Deleted : user_pref("CT1460988.WeatherNetwork", ""); Deleted : user_pref("CT1460988.WeatherPollDate", "Tue Jan 19 2010 16:03:17 GMT+0100"); Deleted : user_pref("CT1460988.WeatherUnit", "C"); Deleted : user_pref("CT1460988.clientLogIsEnabled", false); Deleted : user_pref("CT1460988.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT1460988.components.1000034", false); Deleted : user_pref("CT1460988.ct1729585.DialogsAlignMode", "LTR"); Deleted : user_pref("CT1460988.ct1729585.FeedLastCount128460900971181341", 155); Deleted : user_pref("CT1460988.ct1729585.GroupingInvalidateCache", false); Deleted : user_pref("CT1460988.ct1729585.GroupingLastCheckTime", "Sun Jan 17 2010 10:12:20 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.GroupingLastErrorCode", ""); Deleted : user_pref("CT1460988.ct1729585.GroupingLastResponse", true); Deleted : user_pref("CT1460988.ct1729585.GroupingLastServerUpdateTime", "129079655152100000"); Deleted : user_pref("CT1460988.ct1729585.InvalidateCache", false); Deleted : user_pref("CT1460988.ct1729585.LanguagePackLastCheckTime", "Sun Jan 17 2010 10:12:22 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.Locale", "nl"); Deleted : user_pref("CT1460988.ct1729585.RadioLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.RadioLastUpdateIPServer", "4"); Deleted : user_pref("CT1460988.ct1729585.RadioLastUpdateServer", "4"); Deleted : user_pref("CT1460988.ct1729585.SearchEngine", "Zoek||hxxp://search.conduit.com/Results.aspx?q=UCM_SE[...] Deleted : user_pref("CT1460988.ct1729585.SearchInNewTabLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT1460988.ct1729585.SettingsLastCheckTime", "Sun Jan 17 2010 10:12:20 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.SettingsLastUpdate", "1263484715"); Deleted : user_pref("CT1460988.ct1729585.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:12:20 GMT+0100"); Deleted : user_pref("CT1460988.ct1729585.ThirdPartyComponentsLastUpdate", "1263484715"); Deleted : user_pref("CT1460988.myStuffEnabled", true); Deleted : user_pref("CT1460988.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT1460988.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...] Deleted : user_pref("CT1460988.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT1460988.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT1460988.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CT2860347..clientLogIsEnabled", true); Deleted : user_pref("CT2860347..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2860347..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2860347.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2860347.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2860347.CTID", "CT2860347"); Deleted : user_pref("CT2860347.CurrentServerDate", "20-11-2011"); Deleted : user_pref("CT2860347.DSInstall", true); Deleted : user_pref("CT2860347.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2860347.DialogsGetterLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.DownloadReferralCookieData", ""); Deleted : user_pref("CT2860347.EMailNotifierPollDate", "Sun Nov 20 2011 09:47:51 GMT+0100"); Deleted : user_pref("CT2860347.FeedLastCount129359256046388233", 709); Deleted : user_pref("CT2860347.FeedPollDate129150409730308153", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150410477960158", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150411149992123", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150411149992124", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150413057804235", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150414312491517", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150414941085546", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150415506867223", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150416295308354", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150416821245960", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150417598276979", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150418464839018", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150418961870358", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150419428120755", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150421384370672", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150422141713870", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150443759997630", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150461459212855", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate129150462560150661", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate3927911755645313500", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedPollDate3927911755645379000", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.FeedTTL129150410477960158", 2); Deleted : user_pref("CT2860347.FeedTTL129150414312491517", 5); Deleted : user_pref("CT2860347.FeedTTL129150417598276979", 10); Deleted : user_pref("CT2860347.FirstServerDate", "13-11-2011"); Deleted : user_pref("CT2860347.FirstTime", true); Deleted : user_pref("CT2860347.FirstTimeFF3", true); Deleted : user_pref("CT2860347.FixPageNotFoundErrors", true); Deleted : user_pref("CT2860347.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2860347.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2860347.HPInstall", false); Deleted : user_pref("CT2860347.HasUserGlobalKeys", true); Deleted : user_pref("CT2860347.HomePageProtectorEnabled", true); Deleted : user_pref("CT2860347.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2860347&SearchSource=[...] Deleted : user_pref("CT2860347.Initialize", true); Deleted : user_pref("CT2860347.InitializeCommonPrefs", true); Deleted : user_pref("CT2860347.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2860347.InstallationId", "CT2860347_00699_00706_072054_BL"); Deleted : user_pref("CT2860347.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT2860347.InstalledDate", "Sun Nov 13 2011 10:21:11 GMT+0100"); Deleted : user_pref("CT2860347.InvalidateCache", false); Deleted : user_pref("CT2860347.IsAlertDBUpdated", true); Deleted : user_pref("CT2860347.IsGrouping", false); Deleted : user_pref("CT2860347.IsInitSetupIni", true); Deleted : user_pref("CT2860347.IsMulticommunity", false); Deleted : user_pref("CT2860347.IsOpenThankYouPage", false); Deleted : user_pref("CT2860347.IsOpenUninstallPage", true); Deleted : user_pref("CT2860347.IsProtectorsInit", true); Deleted : user_pref("CT2860347.LanguagePackLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2860347.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2860347.LastLogin_3.7.0.6", "Sun Nov 13 2011 10:21:13 GMT+0100"); Deleted : user_pref("CT2860347.LastLogin_3.8.0.8", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.LatestVersion", "3.5.0.12"); Deleted : user_pref("CT2860347.Locale", "nl"); Deleted : user_pref("CT2860347.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2860347.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2860347.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2860347.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2860347.OriginalFirstVersion", "3.7.0.6"); Deleted : user_pref("CT2860347.RadioIsPodcast", false); Deleted : user_pref("CT2860347.RadioLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2860347.RadioLastUpdateServer", "3"); Deleted : user_pref("CT2860347.RadioMediaID", "9962"); Deleted : user_pref("CT2860347.RadioMediaType", "Media Player"); Deleted : user_pref("CT2860347.RadioMenuSelectedID", "EBRadioMenu_CT28603479962"); Deleted : user_pref("CT2860347.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2860347.RadioStationName", "California%20Rock"); Deleted : user_pref("CT2860347.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT2860347.SavedHomepage", "hxxp://www.seniorweb.nl/default.aspx"); Deleted : user_pref("CT2860347.SearchCaption", "Softonic.com.NL FF Customized Web Search"); Deleted : user_pref("CT2860347.SearchEngineBeforeUnload", "Softonic.com.NL FF Customized Web Search"); Deleted : user_pref("CT2860347.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2860347.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...] Deleted : user_pref("CT2860347.SearchInNewTabEnabled", true); Deleted : user_pref("CT2860347.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2860347.SearchInNewTabLastCheckTime", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2860347.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT2860347.SearchProtectorEnabled", true); Deleted : user_pref("CT2860347.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2860347.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2860347.ServiceMapLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CT2860347.SettingsLastCheckTime", "Sun Nov 20 2011 09:47:50 GMT+0100"); Deleted : user_pref("CT2860347.SettingsLastUpdate", "1318930104"); Deleted : user_pref("CT2860347.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2860347&SearchSource=13"); Deleted : user_pref("CT2860347.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2860347.ThirdPartyComponentsLastCheck", "Sun Nov 13 2011 10:21:10 GMT+0100"); Deleted : user_pref("CT2860347.ThirdPartyComponentsLastUpdate", "1256026239"); Deleted : user_pref("CT2860347.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2860347.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2860347"); Deleted : user_pref("CT2860347.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2860347.UserID", "UN82112093246467953"); Deleted : user_pref("CT2860347.WeatherNetwork", ""); Deleted : user_pref("CT2860347.WeatherPollDate", "Sun Nov 20 2011 09:47:53 GMT+0100"); Deleted : user_pref("CT2860347.WeatherUnit", "C"); Deleted : user_pref("CT2860347.alertChannelId", "1252363"); Deleted : user_pref("CT2860347.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2860347.globalFirstTimeInfoLastCheckTime", "Sun Nov 20 2011 09:47:55 GMT+0100"); Deleted : user_pref("CT2860347.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2860347.initDone", true); Deleted : user_pref("CT2860347.isAppTrackingManagerOn", true); Deleted : user_pref("CT2860347.isFirstRadioInstallation", false); Deleted : user_pref("CT2860347.myStuffEnabled", true); Deleted : user_pref("CT2860347.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2860347.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2860347.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2860347.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2860347.oldAppsList", "129359256026544019,129359256026700270,111,3109033329227924510,12[...] Deleted : user_pref("CT2860347.revertSettingsEnabled", true); Deleted : user_pref("CT2860347.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2860347.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2860347.testingCtid", ""); Deleted : user_pref("CT2860347.toolbarAppMetaDataLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100"); Deleted : user_pref("CT2860347.toolbarContextMenuLastCheckTime", "Sun Nov 13 2011 10:21:13 GMT+0100"); Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2866295,CT2865317"); Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2860347&Search[...] Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Softonic.com.NL FF Customized Web Search"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1252363/1248036/NL", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/NL", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24183/23680/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24247/23744/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24250/23747/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24264/23761/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24266/23763/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24349/23846/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24350/23847/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28311/27793/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28312/27794/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28313/27795/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28315/27797/NL", "\"0\""); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/563458/559322/NL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2860347", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2866295", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2860347",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2866295",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2860347&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2866295/CT2866295[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"1ec[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true); Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Wilco\\AppData\\Roaming\\Mozilla\\F[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2865317"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{87775fdb-6972-41f9-ae51-8326e38cb206}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_nl"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://toolbar.ask.com/toolbarv/askRedir[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1460988,ConduitEngine,CT2860347"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,ConduitEngine,CT2860347"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2860347"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 08:55:49 GMT+01[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 11:34:39 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 09:46:55 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "{736d7011-7b7a-4dab-940b-f829ad7e0207}"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 14 2011 18:52:51 GMT+0100"); Deleted : user_pref("CommunityToolbar.globalUserId", "73fbd730-4223-44b4-bf72-3c28c193b35c"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2860347"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 13 2011 10:21:1[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 20 2011 09:48:00 GMT+010[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "f942a688-185e-4c6e-ba54-21f7d13224ad"); Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.seniorweb.nl/default.aspx"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google"); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 20 2011 08:28:27 GMT+0200"); Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100"); Deleted : user_pref("ConduitEngine.FirstServerDate", "01/09/2011 11"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Jan 09 2011 09:55:13 GMT+0100"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jan 10 2011 15:38:21 GMT+0100"); Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Jan 09 2011 09:55:13 GMT+0100"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Mon Jan 10 2011 15:38:21 GMT+0100"); Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13"[...] Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100"); Deleted : user_pref("ConduitEngine.UserID", "UN50479045714002962"); Deleted : user_pref("ConduitEngine.engineLocale", "nl"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jan 10 2011 15:38:22 GMT+0100"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic.com.NL FF Customized Web Search"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111805"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111805&babsrc=N[...] Deleted : user_pref("extensions.asktb.cbid", "F4"); Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.emailing.nespresso.com/r/?id=he54e99c,5aa[...] Deleted : user_pref("extensions.asktb.fresh-install", false); Deleted : user_pref("extensions.asktb.l", "dis"); Deleted : user_pref("extensions.asktb.last-config-req", "1273338507141"); Deleted : user_pref("extensions.asktb.locale", "en_US"); Deleted : user_pref("extensions.asktb.o", "101699"); Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Deleted : user_pref("extensions.asktb.qsrc", "2871"); Deleted : user_pref("extensions.asktb.r", "2"); Deleted : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...] Deleted : user_pref("extensions.snipit.askTbInstalled", true); Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&g[...] -\\ Google Chrome v20.0.1132.57 File : C:\Users\Wilco\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "urls_to_restore_on_startup": [ "hxxp://www.seniorweb.nl/", "hxxps://isearch.avg.com/?cid={[...] Deleted : "description": "AVG Secure Search", Deleted : "name": "AVG Secure Search", Deleted : "description": "SweetIm for Facebook", Deleted : "name": "SweetIM for Facebook", Deleted : "urls_to_restore_on_startup": [ "hxxp://www.seniorweb.nl/", "hxxps://isearch.avg.com/?cid={CE3[...] ************************* AdwCleaner[s1].txt - [49524 octets] - [01/08/2012 20:57:21] ########## EOF - C:\AdwCleaner[s1].txt - [49653 octets] ##########

Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 1-8-2012 17:00:46 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 1-8-2012 17:02:52 Key: hkey_local_machine\software\trymedia systems Ontdekt: Trace.Registry.trymedia!E1 Key: hkey_local_machine\software\trymedia systems\activemark software Ontdekt: Trace.Registry.trymedia!E1 Key: hkey_local_machine\software\classes\appid\updatebho.dll Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Ontdekt: Trace.Registry.getstyles!E1 C:\Users\Wilco\AppData\Roaming\OpenCandy\OpenCandy_2225F6DD86274A77B110ED563F01E31A\LatestDLMgr.exe Ontdekt: Adware.Win32.OpenCandy.AMN!E1 C:\Users\Wilco\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Ontdekt: Attached PE/Script!E2 C:\Program Files\Ixquick Deskbar\deskbar.dll Ontdekt: Adware.Win32.Softomate.AC!E1 Gescand 647511 Gevonden 9 Scan geëindigd: 1-8-2012 17:54:26 Scantijd: 0:51:34 C:\Program Files\Ixquick Deskbar\deskbar.dll Verwijderd Adware.Win32.Softomate.AC!E1 C:\Users\Wilco\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Verwijderd Attached PE/Script!E2 C:\Users\Wilco\AppData\Roaming\OpenCandy\OpenCandy_2225F6DD86274A77B110ED563F01E31A\LatestDLMgr.exe Verwijderd Adware.Win32.OpenCandy.AMN!E1 Key: hkey_local_machine\software\classes\appid\updatebho.dll Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\trymedia systems Verwijderd Trace.Registry.trymedia!E1 Key: hkey_local_machine\software\trymedia systems\activemark software Verwijderd Trace.Registry.trymedia!E1 Verwijderd 9

Helaas is het probleem nog niet opgelost. Ik krijg nog steeds een popup met name van adserver. De andere twee popups die ik had heb ik al enige tijd niet meer gezien. Adserver vertoont zich niet al te vaak komt plotseling te voorschijn, maar het valt niet te voorspellen wanneer.

ComboFix 12-07-30.03 - Wilco 31-07-2012 18:27:17.3.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1580 [GMT 2:00] Gestart vanuit: c:\users\Wilco\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Wilco\Desktop\CFscript.txt AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Softonic.com.NL_FF c:\program files\Softonic.com.NL_FF\GottenAppsContextMenu.xml c:\program files\Softonic.com.NL_FF\ldrtbSoft.dll c:\program files\Softonic.com.NL_FF\OtherAppsContextMenu.xml c:\program files\Softonic.com.NL_FF\prxtbSoft.dll c:\program files\Softonic.com.NL_FF\SharedAppsContextMenu.xml c:\program files\Softonic.com.NL_FF\Softonic.com.NL_FFToolbarHelper.exe c:\program files\Softonic.com.NL_FF\tbSoft.dll c:\program files\Softonic.com.NL_FF\toolbar.cfg c:\program files\Softonic.com.NL_FF\ToolbarContextMenu.xml c:\program files\Softonic.com.NL_FF\uninstall.exe c:\programdata\Iconix c:\programdata\Iconix\Wilco.usr c:\users\Wilco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))) . . 2012-07-31 16:37 . 2012-07-31 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-31 06:46 . 2012-07-31 06:46 -------- d-----w- c:\users\Wilco\AppData\Roaming\Sammsoft 2012-07-30 09:55 . 2008-10-01 18:01 1995776 ----a-w- c:\windows\system32\vcl120.bpl 2012-07-30 09:55 . 2008-10-01 18:01 1095168 ----a-w- c:\windows\system32\rtl120.bpl 2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\MyPoi Manager 2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\Common Files\MyPoiWorld Shared 2012-07-30 09:55 . 2012-07-31 16:19 -------- d-----w- c:\programdata\MyPoiWorld 2012-07-19 12:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\users\Wilco\AppData\Local\AVG Secure Search 2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-19 06:47 . 2012-07-19 06:47 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\AVG Secure Search 2012-07-19 06:46 . 2012-07-19 06:46 -------- d--h--w- c:\programdata\Common Files 2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\users\Wilco\AppData\Roaming\Malwarebytes 2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\programdata\Malwarebytes 2012-07-12 12:40 . 2012-07-12 12:40 388096 ----a-r- c:\users\Wilco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-12 12:40 . 2012-07-12 12:40 -------- d-----w- c:\program files\Trend Micro 2012-07-11 07:39 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 06:31 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 06:31 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 06:31 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 06:31 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 06:31 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-09 07:33 . 2012-07-09 07:34 -------- d-----w- c:\users\Wilco\AppData\Roaming\Spamihilator 2012-07-09 07:32 . 2012-07-09 07:32 768848 ----a-w- c:\windows\system32\msvcr100.dll 2012-07-09 07:32 . 2012-07-09 07:32 421200 ----a-w- c:\windows\system32\msvcp100.dll 2012-07-09 07:31 . 2012-07-09 07:35 -------- d-----w- c:\program files\Spamihilator . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-31 16:39 . 2012-07-31 16:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKslf3835fdd.sys 2012-07-31 16:25 . 2012-07-31 16:25 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\offreg.dll 2012-07-31 16:19 . 2012-07-31 16:19 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKsl5f2d4110.sys 2012-07-24 08:59 . 2012-04-11 15:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-24 08:59 . 2011-06-07 11:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-29 08:44 . 2012-07-31 09:17 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\mpengine.dll 2012-06-29 08:44 . 2012-07-31 08:50 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-13 07:35 . 2012-06-13 07:35 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-13 07:35 . 2010-04-18 17:20 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-02 22:19 . 2012-06-26 14:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 14:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 14:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 14:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-26 14:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-26 14:19 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-26 14:19 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-26 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-26 14:19 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-29 07:38 . 2012-05-23 16:49 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-23 16:50 . 2012-05-30 07:30 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-05-23 16:49 . 2012-05-23 16:49 172032 ----a-w- c:\windows\system32\muzapp.exe 2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-05-23 16:49 . 2012-05-30 07:30 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-21 02:09 . 2012-05-30 07:34 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-05-21 02:09 . 2012-05-30 07:34 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2008-09-30 16:51 . 2008-09-30 16:51 9774080 ----a-w- c:\program files\openofficeorg30.msi 2008-09-18 16:08 . 2008-09-18 16:08 424728 ----a-w- c:\program files\setup.exe 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe 2012-07-19 06:25 . 2011-03-23 07:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-06-29 12:31 . 2010-06-29 12:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2010-10-13 21:28 . 2011-01-10 17:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-19 06:47 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-19 2086496] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "Yadis"="c:\program files\codessentials\yadis\yadis.exe" [2011-01-14 1758208] "Rohos"="c:\program files\Rohos\agent.exe" [2011-05-17 801080] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SkyDrive"="c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2011-06-17 342872] "iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-11-08 606904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-19 1147488] "MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808] . c:\users\Wilco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-7-17 1014624] MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ iPrint.lnk - c:\program files\iPrint\iPrint.exe [2012-2-17 2893824] Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-2-23 6479712] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-11-9 290872] Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2011-6-23 1683456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Wilco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeClip.lnk] backup=c:\windows\pss\FreeClip.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie] 2008-09-18 06:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-06-29 12:31 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-06-30 15:06 133104 ----atw- c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe] 2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2008-05-20 15:50 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost] 2010-08-21 17:01 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-01-09 08:51 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] R2 gupdate1c9861ddb57cde0;Google Update Service (gupdate1c9861ddb57cde0);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 MpKsl5f2d4110;MpKsl5f2d4110;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKsl5f2d4110.sys [x] S1 MpKslf3835fdd;MpKslf3835fdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKslf3835fdd.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [x] S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 RHDISK;RHDISK;c:\program files\Rohos\RHDISK.SYS [x] S2 Rohos Disk;Rohos Disk service;c:\program files\Rohos\agent.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSLF3835FDD *Deregistered* - MPFP . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:59] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38] . 2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000Core.job - c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000UA.job - c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06] . 2012-06-14 c:\windows\Tasks\NeroLiveEpgUpdate-WILCO_Wilco.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 12:58] . . ------- Bijkomende Scan ------- . uStart Page = https://isearch.avg.com/?cid={CE363A22-D38C-4457-9E92-DFC17C8AD85A}&mid=d764d610c77447d0805dd15256e44867-b90dcfaa81cb16f4920114b5c86d3a9c40865e4a〈=nl&ds=od011&pr=sa&d=2012-07-19 08:47&v=12.1.0.20&sap=hp mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0109&m=aspire_m3641 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass IE: LastPass Invulformulieren - file://c:\program files\LastPass\context.html?cmd=fillforms Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll FF - ProfilePath - c:\users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - SeniorWeb.nl | SeniorWeb, de computerhulp voor u FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.08);user_pref(general.useragent.extra.zencast, );user_pref(extensions.BabylonToolbar_i.babTrack, affID=111805 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Softonic.com.NL_FF Toolbar - c:\program files\Softonic.com.NL_FF\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(5604) c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Ralink\Common\RaRegistry.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\system32\WUDFHost.exe c:\windows\RtHDVCpl.exe c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Translate Client\translateclient_cpu_donate.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Voltooingstijd: 2012-07-31 18:46:05 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-31 16:46 ComboFix2.txt 2012-07-31 09:13 ComboFix3.txt 2012-07-31 08:49 . Pre-Run: 210.439.909.376 bytes beschikbaar Post-Run: 210.367.131.648 bytes beschikbaar . - - End Of File - - 6B72C85ABDF13F58975D56CFFC5EAD5D

ComboFix 12-07-30.03 - Wilco 31-07-2012 10:55:27.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1636 [GMT 2:00] Gestart vanuit: c:\users\Wilco\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wilco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))) . . 2012-07-31 09:05 . 2012-07-31 09:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-31 06:51 . 2012-07-31 06:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-31 06:51 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 06:46 . 2012-07-31 06:46 -------- d-----w- c:\users\Wilco\AppData\Roaming\Sammsoft 2012-07-30 09:55 . 2008-10-01 18:01 1995776 ----a-w- c:\windows\system32\vcl120.bpl 2012-07-30 09:55 . 2008-10-01 18:01 1095168 ----a-w- c:\windows\system32\rtl120.bpl 2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\MyPoi Manager 2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\Common Files\MyPoiWorld Shared 2012-07-30 09:55 . 2012-07-31 05:40 -------- d-----w- c:\programdata\MyPoiWorld 2012-07-19 12:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\users\Wilco\AppData\Local\AVG Secure Search 2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-19 06:47 . 2012-07-19 06:47 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\AVG Secure Search 2012-07-19 06:46 . 2012-07-19 06:46 -------- d--h--w- c:\programdata\Common Files 2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\users\Wilco\AppData\Roaming\Malwarebytes 2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\programdata\Malwarebytes 2012-07-12 12:40 . 2012-07-12 12:40 388096 ----a-r- c:\users\Wilco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-12 12:40 . 2012-07-12 12:40 -------- d-----w- c:\program files\Trend Micro 2012-07-11 07:39 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 06:31 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 06:31 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 06:31 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 06:31 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 06:31 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-09 07:33 . 2012-07-09 07:34 -------- d-----w- c:\users\Wilco\AppData\Roaming\Spamihilator 2012-07-09 07:32 . 2012-07-09 07:32 768848 ----a-w- c:\windows\system32\msvcr100.dll 2012-07-09 07:32 . 2012-07-09 07:32 421200 ----a-w- c:\windows\system32\msvcp100.dll 2012-07-09 07:31 . 2012-07-09 07:35 -------- d-----w- c:\program files\Spamihilator . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-24 08:59 . 2012-04-11 15:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-24 08:59 . 2011-06-07 11:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-29 08:44 . 2012-07-31 08:53 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10D0365E-025E-4D1B-AAFC-81EE5A089839}\mpengine.dll 2012-06-29 08:44 . 2012-07-31 08:50 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-13 07:35 . 2012-06-13 07:35 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-13 07:35 . 2010-04-18 17:20 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-02 22:19 . 2012-06-26 14:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 14:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 14:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 14:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-26 14:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-26 14:19 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-26 14:19 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-26 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-26 14:19 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-29 07:38 . 2012-05-23 16:49 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-23 16:50 . 2012-05-30 07:30 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-05-23 16:49 . 2012-05-23 16:49 172032 ----a-w- c:\windows\system32\muzapp.exe 2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-05-23 16:49 . 2012-05-30 07:30 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-21 02:09 . 2012-05-30 07:34 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-05-21 02:09 . 2012-05-30 07:34 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2008-09-30 16:51 . 2008-09-30 16:51 9774080 ----a-w- c:\program files\openofficeorg30.msi 2008-09-18 16:08 . 2008-09-18 16:08 424728 ----a-w- c:\program files\setup.exe 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe 2012-07-19 06:25 . 2011-03-23 07:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-06-29 12:31 . 2010-06-29 12:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2010-10-13 21:28 . 2011-01-10 17:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-19 06:47 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-19 2086496] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{48FB8510-61E8-4DFF-88FD-5FB277118ED9}"= "c:\program files\Softonic.com.NL_FF\prxtbSoft.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{48fb8510-61e8-4dff-88fd-5fb277118ed9}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "Yadis"="c:\program files\codessentials\yadis\yadis.exe" [2011-01-14 1758208] "Rohos"="c:\program files\Rohos\agent.exe" [2011-05-17 801080] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SkyDrive"="c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2011-06-17 342872] "iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-11-08 606904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-19 1147488] "MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Wilco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-7-17 1014624] MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ iPrint.lnk - c:\program files\iPrint\iPrint.exe [2012-2-17 2893824] Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-2-23 6479712] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-11-9 290872] Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2011-6-23 1683456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Wilco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeClip.lnk] backup=c:\windows\pss\FreeClip.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie] 2008-09-18 06:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-06-29 12:31 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-06-30 15:06 133104 ----atw- c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe] 2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2008-05-20 15:50 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost] 2010-08-21 17:01 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2011-01-09 08:51 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] R2 gupdate1c9861ddb57cde0;Google Update Service (gupdate1c9861ddb57cde0);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x] S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [x] S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 RHDISK;RHDISK;c:\program files\Rohos\RHDISK.SYS [x] S2 Rohos Disk;Rohos Disk service;c:\program files\Rohos\agent.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - MPFP . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:59] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38] . 2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000Core.job - c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000UA.job - c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06] . 2012-06-14 c:\windows\Tasks\NeroLiveEpgUpdate-WILCO_Wilco.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 12:58] . . ------- Bijkomende Scan ------- . uStart Page = https://isearch.avg.com/?cid={CE363A22-D38C-4457-9E92-DFC17C8AD85A}&mid=d764d610c77447d0805dd15256e44867-b90dcfaa81cb16f4920114b5c86d3a9c40865e4a〈=nl&ds=od011&pr=sa&d=2012-07-19 08:47&v=12.1.0.20&sap=hp mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0109&m=aspire_m3641 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass IE: LastPass Invulformulieren - file://c:\program files\LastPass\context.html?cmd=fillforms Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll FF - ProfilePath - c:\users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2860347&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - SeniorWeb.nl | SeniorWeb, de computerhulp voor u FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.08);user_pref(general.useragent.extra.zencast, );user_pref(extensions.BabylonToolbar_i.babTrack, affID=111805 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000145c87a54d FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000145c87a54d FF - user.js: extensions.BabylonToolbar_i.instlDay - 15447 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:27 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ------- Bestandsassociaties ------- . JSEFile=NOTEPAD.EXE %1 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(3796) c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Ralink\Common\RaRegistry.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\RtHDVCpl.exe c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Translate Client\translateclient_cpu_donate.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Voltooingstijd: 2012-07-31 11:13:47 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-31 09:13 ComboFix2.txt 2012-07-31 08:49 . Pre-Run: 210.437.591.040 bytes beschikbaar Post-Run: 210.336.403.456 bytes beschikbaar . - - End Of File - - CAE7BF8FE766D4ED7CA7DCD48C7B89A1