Malden

Ik heb even gewacht met reageren, maar de pc draait zo als ik hem afgelopen 2 jaar niet meer heb meegemaakt. Echt een stuk sneller en geen pop ups en politie virus meerxD Voel me bijna schuldig voor de gratis hulp die ik hier heb gekregen, ik weet niet wie je bent maar super bedankt Kape voor de hulp! alles was echt duidelijk zelfs voor een leek Groeten joost

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 20:40:32 # Updated 14/08/2012 by Xplode # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits) # User : joost - PC_VAN_JOOST # Boot Mode : Normal # Running from : C:\Users\joost\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\joost\AppData\Local\Conduit Folder Deleted : C:\Users\joost\AppData\Local\ToggleDU Folder Deleted : C:\Users\joost\AppData\LocalLow\Conduit Folder Deleted : C:\Users\joost\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\joost\AppData\LocalLow\DVDVideoSoftTB Folder Deleted : C:\Users\joost\AppData\LocalLow\PHPNukeDU Folder Deleted : C:\Users\joost\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\joost\AppData\LocalLow\SweetIM Folder Deleted : C:\Users\joost\AppData\LocalLow\ToggleDU Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\ConduitCommon Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\CT2269050 Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\CT3196716 Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} Folder Deleted : C:\ProgramData\SweetIM Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\ConduitEngine Folder Deleted : C:\Program Files\DVDVideoSoftTB Folder Deleted : C:\Program Files\PHPNukeDU Folder Deleted : C:\Program Files\SweetIM Folder Deleted : C:\Program Files\ToggleDU File Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\searchplugins\Conduit.xml File Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\searchplugins\SweetIm.xml ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DealPly Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\SweetIm Key Deleted : HKCU\Software\ToggleDU Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Key Deleted : HKLM\SOFTWARE\Classes\sim-packages Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\conduitEngine Key Deleted : HKLM\SOFTWARE\DealPly Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleDU Toolbar Key Deleted : HKLM\SOFTWARE\PHPNukeDU Key Deleted : HKLM\SOFTWARE\SweetIM Key Deleted : HKLM\SOFTWARE\ToggleDU ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A4A90D8-48E6-4541-9CEF-4AC86E6D9F66} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96A5D3C-3944-4A70-B315-841844EA6D98} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7565AE-61C7-42C7-94F8-0ECB018BA612} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C01DA411-B911-41B8-B8F7-870E8B82B37E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F81A6703-7FC8-43AB-86C2-AAD936E115E4} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEC3BFC9-7254-4257-B8D1-C738AE1AFA79} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7C31186-AF84-46C2-B16B-BC055B82C21F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7C31186-AF84-46C2-B16B-BC055B82C21F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CEC3BFC9-7254-4257-B8D1-C738AE1AFA79} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{46735DEE-F862-49D1-876D-6382794DC625}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.19298 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (nl) Profile name : default File : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\prefs.js Deleted : user_pref("CT2269050..clientLogIsEnabled", false); Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Mon Aug 13 2012 17:53:13 GMT+0200"); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_1000515", true); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", false); Deleted : user_pref("CT2269050.CT2269050", "CT2269050"); Deleted : user_pref("CT2269050.CommunitiesChangesLastCheckTime", "0"); Deleted : user_pref("CT2269050.CurrentServerDate", "15-8-2012"); Deleted : user_pref("CT2269050.DSInstall", true); Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue Aug 14 2012 12:40:53 GMT+0200"); Deleted : user_pref("CT2269050.DownloadReferralCookieData", ""); Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Wed Aug 15 2012 12:28:57 GMT+0200"); Deleted : user_pref("CT2269050.FirstServerDate", "11-8-2012"); Deleted : user_pref("CT2269050.FirstTime", true); Deleted : user_pref("CT2269050.FirstTimeFF3", true); Deleted : user_pref("CT2269050.FirstTimeHiddenVer", true); Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true); Deleted : user_pref("CT2269050.GroupingInvalidateCache", false); Deleted : user_pref("CT2269050.GroupingLastCheckTime", "0"); Deleted : user_pref("CT2269050.GroupingLastServerUpdateTime", "0"); Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2269050.HPChangedManually", true); Deleted : user_pref("CT2269050.HPInstall", true); Deleted : user_pref("CT2269050.HasUserGlobalKeys", true); Deleted : user_pref("CT2269050.HomePageProtectorEnabled", false); Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=[...] Deleted : user_pref("CT2269050.Initialize", true); Deleted : user_pref("CT2269050.InitializeCommonPrefs", true); Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2269050.InstallationType", "Unknown"); Deleted : user_pref("CT2269050.InstalledDate", "Sat Aug 11 2012 12:35:18 GMT+0200"); Deleted : user_pref("CT2269050.InvalidateCache", false); Deleted : user_pref("CT2269050.IsAlertDBUpdated", true); Deleted : user_pref("CT2269050.IsGrouping", false); Deleted : user_pref("CT2269050.IsInitSetupIni", true); Deleted : user_pref("CT2269050.IsMulticommunity", false); Deleted : user_pref("CT2269050.IsOpenThankYouPage", true); Deleted : user_pref("CT2269050.IsOpenUninstallPage", true); Deleted : user_pref("CT2269050.IsProtectorsInit", true); Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200"); Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 15 2012 17:21:48 GMT+0200"); Deleted : user_pref("CT2269050.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT2269050.Locale", "en"); Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.14.1.0"); Deleted : user_pref("CT2269050.RadioIsPodcast", false); Deleted : user_pref("CT2269050.RadioLastCheckTime", "Wed Aug 15 2012 12:30:08 GMT+0200"); Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "0"); Deleted : user_pref("CT2269050.RadioMediaID", "12473383"); Deleted : user_pref("CT2269050.RadioMediaType", "Media Player"); Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false); Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Deleted : user_pref("CT2269050.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CT2269050.SearchBoxWidth", 100); Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search"); Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "WiseConvert Customized Web Search"); Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true); Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 15 2012 17:52:56 GMT+0200"); Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2269050.SearchProtectorEnabled", false); Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true); Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200"); Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 15 2012 20:07:49 GMT+0200"); Deleted : user_pref("CT2269050.SettingsLastUpdate", "1345033695"); Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 11 2012 12:35:09 GMT+0200"); Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2269050.UserID", "UN90360481344129556"); Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2); Deleted : user_pref("CT2269050.WeatherNetwork", ""); Deleted : user_pref("CT2269050.WeatherPollDate", "Wed Aug 15 2012 12:00:33 GMT+0200"); Deleted : user_pref("CT2269050.WeatherUnit", "C"); Deleted : user_pref("CT2269050.alertChannelId", "666138"); Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6D6D7373746E7770"); Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737379797A747D76242F4B4947[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#cf", "247E61393F236B25757674722A212C6E414F444D[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Deleted : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Deleted : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Deleted : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Deleted : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Deleted : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Deleted : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Deleted : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Deleted : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3C3E3E706C6E6C6E7A46767179207C787721257E4E51262A55[...] Deleted : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", ""); Deleted : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "393F352F3E"); Deleted : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...] Deleted : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Deleted : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...] Deleted : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "3D3E3C403D6E44727A714474744B787676794F5024"); Deleted : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6D7373746E7678777872"); Deleted : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A"); Deleted : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E"); Deleted : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443"); Deleted : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Deleted : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D"); Deleted : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5468752041756720313620323031322031323A[...] Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6E65746865726C616E6473"); Deleted : user_pref("CT2269050.components.1000034", false); Deleted : user_pref("CT2269050.components.1000082", false); Deleted : user_pref("CT2269050.components.1000234", false); Deleted : user_pref("CT2269050.components.1000515", false); Deleted : user_pref("CT2269050.components.129023235807856892", false); Deleted : user_pref("CT2269050.components.129121052374999726", false); Deleted : user_pref("CT2269050.components.129351672002618989", false); Deleted : user_pref("CT2269050.components.129351776130744254", false); Deleted : user_pref("CT2269050.components.129391330693125668", false); Deleted : user_pref("CT2269050.components.129466585399606892", false); Deleted : user_pref("CT2269050.components.129681780741097243", false); Deleted : user_pref("CT2269050.components.129863783591067571", false); Deleted : user_pref("CT2269050.components.129881140170815901", false); Deleted : user_pref("CT2269050.components.129881141106886992", false); Deleted : user_pref("CT2269050.components.3562342111233572", false); Deleted : user_pref("CT2269050.components.4930556174285671", false); Deleted : user_pref("CT2269050.components.7527685960312859", false); Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sat Aug 11 2012 12:35:17 GMT+0200"); Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2269050.initDone", true); Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true); Deleted : user_pref("CT2269050.isFirstRadioInstallation", false); Deleted : user_pref("CT2269050.myStuffEnabled", true); Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2269050.navigateToUrlOnSearch", false); Deleted : user_pref("CT2269050.revertSettingsEnabled", true); Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2269050.testingCtid", ""); Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Aug 15 2012 17:31:36 GMT+0200"); Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sat Aug 11 2012 12:35:18 GMT+0200"); Deleted : user_pref("CT2269050.usagesFlag", 2); Deleted : user_pref("CT3196716..clientLogIsEnabled", false); Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3196716.AppTrackingLastCheckTime", "Tue Aug 14 2012 17:26:05 GMT+0200"); Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true); Deleted : user_pref("CT3196716.CT3196716", "CT3196716"); Deleted : user_pref("CT3196716.CurrentServerDate", "15-8-2012"); Deleted : user_pref("CT3196716.DSChangedManually", true); Deleted : user_pref("CT3196716.DSInstall", true); Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Tue Aug 14 2012 12:31:43 GMT+0200"); Deleted : user_pref("CT3196716.DownloadReferralCookieData", ""); Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Wed Aug 15 2012 12:22:58 GMT+0200"); Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Mon Aug 13 2012 13:32:24 GMT+020[...] Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Mon Aug 13 2012 13:32:24 GMT+020[...] Deleted : user_pref("CT3196716.FirstServerDate", "11-8-2012"); Deleted : user_pref("CT3196716.FirstTime", true); Deleted : user_pref("CT3196716.FirstTimeFF3", true); Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true); Deleted : user_pref("CT3196716.FixPageNotFoundErrors", true); Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3196716.HPInstall", true); Deleted : user_pref("CT3196716.HPProtectChoice", true); Deleted : user_pref("CT3196716.HPProtectCount", 1); Deleted : user_pref("CT3196716.HasUserGlobalKeys", true); Deleted : user_pref("CT3196716.HomePageProtectorEnabled", true); Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=[...] Deleted : user_pref("CT3196716.Initialize", true); Deleted : user_pref("CT3196716.InitializeCommonPrefs", true); Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3196716.InstallationType", "Unknown"); Deleted : user_pref("CT3196716.InstalledDate", "Sat Aug 11 2012 12:36:13 GMT+0200"); Deleted : user_pref("CT3196716.InvalidateCache", false); Deleted : user_pref("CT3196716.IsAlertDBUpdated", true); Deleted : user_pref("CT3196716.IsGrouping", false); Deleted : user_pref("CT3196716.IsInitSetupIni", true); Deleted : user_pref("CT3196716.IsMulticommunity", false); Deleted : user_pref("CT3196716.IsOpenThankYouPage", true); Deleted : user_pref("CT3196716.IsOpenUninstallPage", true); Deleted : user_pref("CT3196716.IsProtectorsInit", true); Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Wed Aug 15 2012 17:31:37 GMT+0200"); Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Wed Aug 15 2012 17:21:48 GMT+0200"); Deleted : user_pref("CT3196716.LatestVersion", "3.14.1.0"); Deleted : user_pref("CT3196716.Locale", "en"); Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3196716.MCDetectTooltipShow", false); Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.14.1.0"); Deleted : user_pref("CT3196716.RadioIsPodcast", false); Deleted : user_pref("CT3196716.RadioLastCheckTime", "Tue Aug 14 2012 17:53:36 GMT+0200"); Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3"); Deleted : user_pref("CT3196716.RadioMediaID", "9962"); Deleted : user_pref("CT3196716.RadioMediaType", "Media Player"); Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962"); Deleted : user_pref("CT3196716.RadioShrinked", "shrinked"); Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", true); Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock"); Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 0); Deleted : user_pref("CT3196716.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); Deleted : user_pref("CT3196716.SearchBoxWidth", 100); Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search"); Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "WiseConvert Customized Web Search"); Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...] Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true); Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Wed Aug 15 2012 17:31:36 GMT+0200"); Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT3196716.SearchProtectorEnabled", false); Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200"); Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Wed Aug 15 2012 20:07:49 GMT+0200"); Deleted : user_pref("CT3196716.SettingsLastUpdate", "1345033693"); Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13"); Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Sat Aug 11 2012 12:35:16 GMT+0200"); Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", true); Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716"); Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3196716.UserID", "UN72660992083095793"); Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2); Deleted : user_pref("CT3196716.WeatherNetwork", ""); Deleted : user_pref("CT3196716.WeatherPollDate", "Wed Aug 15 2012 12:00:32 GMT+0200"); Deleted : user_pref("CT3196716.WeatherUnit", "C"); Deleted : user_pref("CT3196716.alertChannelId", "1613210"); Deleted : user_pref("CT3196716.approveUntrustedApps", false); Deleted : user_pref("CT3196716.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el8:", "6E6D6D6D7373746E776F"); Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473737379797A747D75242F4B4947[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cjc<=fbj#cf", "247E61393F236B25757674722A212C6E414F444D[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Deleted : user_pref("CT3196716.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Deleted : user_pref("CT3196716.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Deleted : user_pref("CT3196716.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Deleted : user_pref("CT3196716.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Deleted : user_pref("CT3196716.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Deleted : user_pref("CT3196716.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Deleted : user_pref("CT3196716.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Deleted : user_pref("CT3196716.backendstorage./9b-0?3g>d", "3D6A3E6F404071727A4347744520474C79792521207E7C2A54[...] Deleted : user_pref("CT3196716.backendstorage./9b-0?3g@6:5;", ""); Deleted : user_pref("CT3196716.backendstorage./9b-0?3gfa7ef", "393F352F3E"); Deleted : user_pref("CT3196716.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...] Deleted : user_pref("CT3196716.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Deleted : user_pref("CT3196716.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...] Deleted : user_pref("CT3196716.backendstorage./9b5ba==9cjag", "6F696C406A6D43767A737545464A7A48777D7E7B23"); Deleted : user_pref("CT3196716.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6D7373746E7678747473"); Deleted : user_pref("CT3196716.backendstorage./9b9643g3/9e", "6A"); Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<", "393F352F3E"); Deleted : user_pref("CT3196716.backendstorage./9b=+03eh8h8j?:", "4443"); Deleted : user_pref("CT3196716.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] Deleted : user_pref("CT3196716.backendstorage./9b?b0d:8aj62<h", "6D"); Deleted : user_pref("CT3196716.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544"); Deleted : user_pref("CT3196716.backendstorage.facebook_mode", "32"); Deleted : user_pref("CT3196716.backendstorage.facebook_user_locale", "656E"); Deleted : user_pref("CT3196716.backendstorage.fired_events", ""); Deleted : user_pref("CT3196716.backendstorage.key_date", "3135"); Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "5468752041756720313620323031322031323A[...] Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "6E65746865726C616E6473"); Deleted : user_pref("CT3196716.components.1000034", false); Deleted : user_pref("CT3196716.components.1000082", false); Deleted : user_pref("CT3196716.components.1000234", false); Deleted : user_pref("CT3196716.components.129755756828511878", false); Deleted : user_pref("CT3196716.components.129755756829761921", false); Deleted : user_pref("CT3196716.components.129755756831793241", false); Deleted : user_pref("CT3196716.components.129757581393447276", false); Deleted : user_pref("CT3196716.components.129774122767598898", false); Deleted : user_pref("CT3196716.components.129823208536028032", false); Deleted : user_pref("CT3196716.components.129847328042486445", false); Deleted : user_pref("CT3196716.components.129876925696479818", false); Deleted : user_pref("CT3196716.components.3562342111233572", false); Deleted : user_pref("CT3196716.components.4930556174285671", false); Deleted : user_pref("CT3196716.components.7527685960312859", false); Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Sat Aug 11 2012 12:35:21 GMT+0200"); Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3196716.initDone", true); Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true); Deleted : user_pref("CT3196716.isFirstRadioInstallation", false); Deleted : user_pref("CT3196716.myStuffEnabled", true); Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false); Deleted : user_pref("CT3196716.revertSettingsEnabled", true); Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3196716.testingCtid", ""); Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Wed Aug 15 2012 17:53:05 GMT+0200"); Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Sat Aug 11 2012 12:35:21 GMT+0200"); Deleted : user_pref("CT3196716.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...] Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search,WiseConvert Cu[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/NL", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/NL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c74[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\joost\\AppData\\Roaming\\Mozilla\\F[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...] Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT3196716"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT3196716"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050,CT3196716"); Deleted : user_pref("CommunityToolbar.globalUserId", "ec2da59f-d0a2-417f-be7d-a5e56560545d"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3196716"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Aug 11 2012 12:35:2[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 15 2012 12:30:05 GMT+020[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 15 2012 20:07:50 GMT+0200"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "c655b378-c552-4689-abab-f38077813f0e"); Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Deleted : user_pref("CommunityToolbar.permanenceEngine", false); Deleted : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=[...] ************************* AdwCleaner[s1].txt - [301 octets] - [15/08/2012 20:39:32] AdwCleaner[s2].txt - [44695 octets] - [15/08/2012 20:40:32] ########## EOF - C:\AdwCleaner[s2].txt - [44824 octets] ##########

Unhide.exe heb ik gedraait en op het eind gaf hij aan dat alles zichtbaar zou moeten zijn. Hiervoor heb ik nog de combofix gedraait d.m.v de kladbloktekst er in te zetten en te laten draaien Combofix tekst ComboFix 12-08-14.05 - joost 15-08-2012 17:48:14.3.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3002.1823 [GMT 2:00] Gestart vanuit: c:\users\joost\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\joost\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))) . . 2012-08-15 16:00 . 2012-08-15 16:01 -------- d-----w- c:\users\joost\AppData\Local\temp 2012-08-15 16:00 . 2012-08-15 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-15 12:47 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-08-14 15:46 . 2012-08-14 15:46 -------- d-----w- c:\users\joost\AppData\Roaming\Malwarebytes 2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\programdata\Malwarebytes 2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-14 15:45 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-14 10:30 . 2012-08-14 10:30 388096 ----a-r- c:\users\joost\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-14 06:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C1BCC19-0A1F-4162-B37C-07650A3BF9A0}\mpengine.dll 2012-08-11 07:52 . 2012-08-11 07:52 -------- d-----w- c:\windows\system32\aliedit 2012-08-11 07:51 . 2012-08-11 07:53 -------- d-----w- c:\program files\Trademanager 2012-08-11 07:39 . 2012-08-11 07:39 -------- d-----w- c:\users\joost\AppData\Local\Alibaba 2012-08-07 07:14 . 2012-08-07 07:14 -------- d-----w- c:\users\joost\AppData\Local\nptrademanager . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 07:19 . 2012-07-01 09:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-03 07:19 . 2011-05-13 05:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-13 21:29 . 2012-06-13 21:29 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 21:29 . 2012-06-13 21:29 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 21:29 . 2012-06-13 21:29 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 16:47 . 2012-07-11 06:18 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-11 06:18 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-11 06:18 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-25 07:47 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-25 07:47 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-25 07:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-25 07:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-25 07:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-25 07:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-25 07:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-25 07:46 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-25 07:46 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 00:04 . 2012-07-11 06:18 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-11 06:18 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 10:25 . 2010-08-06 10:07 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-30 11:50 . 2011-06-13 11:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-15_08.21.57 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-15 06:35 . 2012-05-11 13:59 61440 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.exe + 2012-08-15 06:35 . 2012-06-28 12:54 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\iesetup.dll + 2012-08-15 06:35 . 2012-06-28 12:54 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\iernonce.dll + 2012-08-15 06:35 . 2012-06-28 11:31 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\iesetup.dll + 2012-08-15 06:35 . 2012-06-28 11:31 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\iernonce.dll + 2012-08-15 06:35 . 2012-06-28 12:56 67072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.23385_none_2b4a09c4728c2886\mshtmled.dll + 2012-08-15 06:35 . 2012-06-28 11:32 67072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.19298_none_2ab89deb5973f0b2\mshtmled.dll + 2012-08-15 06:35 . 2012-06-28 09:08 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23385_none_df6f0f6709e96757\msfeedssync.exe + 2012-08-15 06:35 . 2012-06-28 12:56 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23385_none_df6f0f6709e96757\msfeedsbs.dll + 2012-08-15 06:35 . 2012-06-28 08:18 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.19298_none_dedda38df0d12f83\msfeedssync.exe + 2012-08-15 06:35 . 2012-06-28 11:32 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.19298_none_dedda38df0d12f83\msfeedsbs.dll + 2012-08-15 06:35 . 2012-06-28 12:55 43520 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.23385_none_ad0278477f1a1c5f\licmgr10.dll + 2012-08-15 06:35 . 2012-06-28 11:32 43520 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.19298_none_ac710c6e6601e48b\licmgr10.dll + 2012-08-15 06:35 . 2012-06-28 13:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\WininetPlugin.dll + 2012-08-15 06:35 . 2012-06-28 12:55 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\jsproxy.dll + 2012-08-15 06:35 . 2012-06-28 11:37 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\WininetPlugin.dll + 2012-08-15 06:35 . 2012-06-28 11:31 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\jsproxy.dll + 2008-01-21 01:58 . 2012-08-15 11:02 73712 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-08-26 22:27 . 2012-08-15 08:02 19486 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017314912-3688995786-4245544152-1000_UserData.bin + 2009-08-26 22:27 . 2012-08-15 15:22 19486 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017314912-3688995786-4245544152-1000_UserData.bin + 2012-08-15 06:35 . 2012-06-28 11:32 67072 c:\windows\System32\mshtmled.dll - 2012-06-13 21:30 . 2012-06-13 21:30 67072 c:\windows\System32\mshtmled.dll - 2012-06-13 21:30 . 2012-06-13 21:30 13312 c:\windows\System32\msfeedssync.exe + 2012-08-15 06:35 . 2012-06-28 08:18 13312 c:\windows\System32\msfeedssync.exe + 2012-08-15 06:35 . 2012-06-28 11:32 55296 c:\windows\System32\msfeedsbs.dll - 2012-06-13 21:30 . 2012-06-13 21:30 55296 c:\windows\System32\msfeedsbs.dll - 2012-06-13 21:30 . 2012-06-13 21:30 64512 c:\windows\System32\migration\WininetPlugin.dll + 2012-08-15 06:35 . 2012-06-28 11:37 64512 c:\windows\System32\migration\WininetPlugin.dll - 2012-06-13 21:30 . 2012-06-13 21:30 43520 c:\windows\System32\licmgr10.dll + 2012-08-15 06:35 . 2012-06-28 11:32 43520 c:\windows\System32\licmgr10.dll + 2012-08-15 06:35 . 2012-06-28 11:31 25600 c:\windows\System32\jsproxy.dll - 2012-06-13 21:30 . 2012-06-13 21:30 25600 c:\windows\System32\jsproxy.dll - 2012-06-13 21:30 . 2012-06-13 21:30 71680 c:\windows\System32\iesetup.dll + 2012-08-15 06:35 . 2012-06-28 11:31 71680 c:\windows\System32\iesetup.dll - 2012-06-13 21:30 . 2012-06-13 21:30 55808 c:\windows\System32\iernonce.dll + 2012-08-15 06:35 . 2012-06-28 11:31 55808 c:\windows\System32\iernonce.dll - 2009-06-18 01:35 . 2012-08-15 07:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-06-18 01:35 . 2012-08-15 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-06-18 01:35 . 2012-08-15 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-06-18 01:35 . 2012-08-15 07:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-05-11 11:23 . 2012-05-11 11:23 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe + 2012-08-15 12:51 . 2012-08-15 12:51 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe - 2009-08-26 22:30 . 2012-07-11 11:08 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2009-08-26 22:30 . 2012-08-15 12:50 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2009-08-26 22:30 . 2012-08-15 12:50 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2009-08-26 22:30 . 2012-07-11 11:08 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe + 2009-08-26 22:30 . 2012-08-15 12:50 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2009-08-26 22:30 . 2012-07-11 11:08 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2010-07-09 17:58 . 2012-08-15 12:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2010-07-09 17:58 . 2012-07-11 11:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2012-05-11 11:32 . 2012-05-11 11:32 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe + 2012-08-15 12:49 . 2012-08-15 12:49 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe + 2012-08-15 15:17 . 2012-08-15 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-15 07:57 . 2012-08-15 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-15 15:17 . 2012-08-15 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-15 07:57 . 2012-08-15 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-15 06:35 . 2012-05-11 14:48 873984 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.0.6002.22857_none_de7664838a609746\printui.dll + 2012-08-15 06:35 . 2012-05-11 14:48 216064 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.dll + 2012-08-15 06:35 . 2012-05-11 14:47 624128 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.22857_none_325c7214a9142e65\localspl.dll + 2012-08-15 06:35 . 2012-05-11 15:57 623616 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.18631_none_31e2717f8febc188\localspl.dll + 2012-08-15 06:35 . 2012-06-29 15:02 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.22887_none_8f54bf68180e478f\netapi32.dll + 2012-08-15 06:35 . 2012-06-29 16:01 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.18659_none_8eed910efed68979\netapi32.dll + 2012-08-15 06:35 . 2012-06-28 12:54 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23385_none_47c38cfcdd466cdb\ieui.dll + 2012-08-15 06:35 . 2012-06-28 11:31 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19298_none_47322123c42e3507\ieui.dll + 2012-08-15 06:35 . 2012-06-28 13:01 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.23385_none_d34bf1a38cf1c422\url.dll + 2012-08-15 06:35 . 2012-06-28 11:37 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.19298_none_d2ba85ca73d98c4e\url.dll + 2012-08-15 06:35 . 2012-06-28 12:54 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.23385_none_feb33a2de923e9c5\iesysprep.dll + 2012-08-15 06:35 . 2012-06-28 11:31 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.19298_none_fe21ce54d00bb1f1\iesysprep.dll + 2012-08-15 06:35 . 2012-06-28 09:10 174080 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\ie4uinit.exe + 2012-08-15 06:35 . 2012-06-28 08:19 174080 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\ie4uinit.exe + 2012-08-15 06:35 . 2012-06-28 13:00 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23385_none_2ac4cab6bbab93d5\sqmapi.dll + 2012-08-15 06:35 . 2012-06-28 11:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.19298_none_2a335edda2935c01\sqmapi.dll + 2012-08-15 06:35 . 2012-06-28 12:58 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.23385_none_1a478889434a7943\occache.dll + 2012-08-15 06:35 . 2012-06-28 11:35 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.19298_none_19b61cb02a32416f\occache.dll + 2012-08-15 06:35 . 2012-06-28 12:55 522240 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.23385_none_9d8d6f3afccca061\jsdbgui.dll + 2012-08-15 06:35 . 2012-06-28 11:31 521728 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.19298_none_9cfc0361e3b4688d\jsdbgui.dll + 2012-08-15 06:35 . 2012-06-28 13:04 638048 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\iexplore.exe + 2012-08-15 06:35 . 2012-06-28 09:10 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\ieUnatt.exe + 2012-08-15 06:35 . 2012-06-28 11:40 638048 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\iexplore.exe + 2012-08-15 06:35 . 2012-06-28 08:19 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\ieUnatt.exe + 2012-08-15 06:35 . 2012-06-28 12:54 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.23385_none_2aae5052c9606665\IEShims.dll + 2012-08-15 06:35 . 2012-06-28 11:31 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.19298_none_2a1ce479b0482e91\IEShims.dll + 2012-08-15 06:35 . 2012-06-28 12:54 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.23385_none_735004bc79b7fff7\ieproxy.dll + 2012-08-15 06:35 . 2012-06-28 11:31 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.19298_none_72be98e3609fc823\ieproxy.dll + 2012-08-15 06:35 . 2012-06-28 12:56 630272 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.23385_none_4307aaa9699dc830\msfeeds.dll + 2012-08-15 06:35 . 2012-06-28 11:32 629760 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.19298_none_42763ed05085905c\msfeeds.dll + 2012-08-15 06:35 . 2012-06-28 12:54 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.23385_none_1ec62d2d6efdc1b9\iedvtool.dll + 2012-08-15 06:35 . 2012-06-28 11:31 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.19298_none_1e34c15455e589e5\iedvtool.dll + 2012-08-15 06:35 . 2012-06-28 12:54 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.23385_none_1fe4a50c21353dda\iepeers.dll + 2012-08-15 06:35 . 2012-06-28 11:31 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.19298_none_1f533933081d0606\iepeers.dll + 2012-08-15 06:35 . 2012-06-28 12:54 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.23385_none_57718cd686a4963f\iedkcs32.dll + 2012-08-15 06:35 . 2012-06-28 11:31 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.19298_none_56e020fd6d8c5e6b\iedkcs32.dll + 2012-08-15 06:35 . 2012-06-28 13:01 920064 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\wininet.dll + 2012-08-15 06:35 . 2012-06-28 11:37 916992 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\wininet.dll + 2012-08-15 06:35 . 2012-06-28 12:56 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.23385_none_c3e6c701ab9a0e54\mstime.dll + 2012-08-15 06:35 . 2012-06-28 11:33 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.19298_none_c3555b289281d680\mstime.dll + 2012-08-15 06:35 . 2012-06-28 11:37 916992 c:\windows\System32\wininet.dll - 2012-06-13 21:30 . 2012-06-13 21:30 916992 c:\windows\System32\wininet.dll + 2009-08-26 23:10 . 2012-08-15 12:40 889994 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2006-11-02 13:02 . 2012-08-15 15:22 117528 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2012-08-15 06:35 . 2012-06-28 11:37 105984 c:\windows\System32\url.dll - 2012-06-13 21:30 . 2012-06-13 21:30 105984 c:\windows\System32\url.dll + 2012-08-15 06:35 . 2012-06-28 11:35 206848 c:\windows\System32\occache.dll - 2012-06-13 21:30 . 2012-06-13 21:30 206848 c:\windows\System32\occache.dll + 2012-08-15 06:35 . 2012-06-29 16:01 467968 c:\windows\System32\netapi32.dll + 2012-08-15 06:35 . 2012-06-28 11:33 611840 c:\windows\System32\mstime.dll - 2012-06-13 21:30 . 2012-06-13 21:30 611840 c:\windows\System32\mstime.dll + 2012-08-15 06:35 . 2012-06-28 11:32 629760 c:\windows\System32\msfeeds.dll - 2012-06-13 21:30 . 2012-06-13 21:30 629760 c:\windows\System32\msfeeds.dll - 2010-08-06 10:17 . 2009-04-23 12:14 623616 c:\windows\System32\localspl.dll + 2012-08-15 06:35 . 2012-05-11 15:57 623616 c:\windows\System32\localspl.dll - 2012-06-13 21:30 . 2012-06-13 21:30 133632 c:\windows\System32\ieUnatt.exe + 2012-08-15 06:35 . 2012-06-28 08:19 133632 c:\windows\System32\ieUnatt.exe + 2012-08-15 06:35 . 2012-06-28 11:31 164352 c:\windows\System32\ieui.dll - 2012-06-13 21:30 . 2012-06-13 21:30 164352 c:\windows\System32\ieui.dll + 2012-08-15 06:35 . 2012-06-28 11:31 109056 c:\windows\System32\iesysprep.dll - 2012-06-13 21:30 . 2012-06-13 21:30 109056 c:\windows\System32\iesysprep.dll + 2012-08-15 06:35 . 2012-06-28 11:31 184320 c:\windows\System32\iepeers.dll - 2012-06-13 21:30 . 2012-06-13 21:30 184320 c:\windows\System32\iepeers.dll + 2012-08-15 06:35 . 2012-06-28 11:31 387584 c:\windows\System32\iedkcs32.dll - 2012-06-13 21:30 . 2012-06-13 21:30 387584 c:\windows\System32\iedkcs32.dll - 2012-06-13 21:30 . 2012-06-13 21:30 174080 c:\windows\System32\ie4uinit.exe + 2012-08-15 06:35 . 2012-06-28 08:19 174080 c:\windows\System32\ie4uinit.exe - 2006-11-02 12:44 . 2012-07-11 15:09 394880 c:\windows\System32\FNTCACHE.DAT + 2006-11-02 12:44 . 2012-08-15 15:17 394880 c:\windows\System32\FNTCACHE.DAT - 2010-08-19 07:10 . 2012-08-15 07:58 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-08-19 07:10 . 2012-08-15 15:18 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-06-18 01:35 . 2012-08-15 15:18 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-06-18 01:35 . 2012-08-15 07:58 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-10-23 12:29 . 2012-08-15 12:51 393240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-10-23 12:29 . 2012-08-15 07:56 393240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-07-18 13:46 . 2012-07-18 13:46 593408 c:\windows\Installer\5eb59d.msp + 2009-08-26 22:30 . 2012-08-15 12:50 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2009-08-26 22:30 . 2012-07-11 11:08 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2009-08-26 22:30 . 2012-08-15 12:50 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2009-08-26 22:30 . 2012-07-11 11:08 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2009-08-26 22:30 . 2012-08-15 12:50 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2009-08-26 22:30 . 2012-07-11 11:08 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2009-08-26 22:30 . 2012-08-15 12:50 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2009-08-26 22:30 . 2012-07-11 11:08 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2010-07-09 17:58 . 2012-08-15 12:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2010-07-09 17:58 . 2012-07-11 11:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2010-07-09 17:58 . 2012-08-15 12:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2010-07-09 17:58 . 2012-07-11 11:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2010-07-09 17:58 . 2012-07-11 11:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2010-07-09 17:58 . 2012-08-15 12:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2010-07-09 17:58 . 2012-07-11 11:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2010-07-09 17:58 . 2012-08-15 12:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2011-06-23 08:54 . 2011-06-23 08:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSCONV97.DLL + 2012-08-15 12:47 . 2012-07-04 13:34 2055680 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22889_none_bb161ea3b10365cb\win32k.sys + 2012-08-15 12:47 . 2012-07-04 14:02 2047488 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18661_none_ba9a1d7a97dcc640\win32k.sys + 2012-08-15 06:35 . 2012-06-28 12:54 2001408 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23385_none_2ac4cab6bbab93d5\iertutil.dll + 2012-08-15 06:35 . 2012-06-28 11:31 2000384 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.19298_none_2a335edda2935c01\iertutil.dll + 2012-08-15 06:35 . 2012-06-28 12:56 6010368 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23385_none_f66432f95150deae\mshtml.dll + 2012-08-15 06:35 . 2012-06-28 11:32 6008320 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19298_none_f5d2c7203838a6da\mshtml.dll + 2012-08-15 06:35 . 2012-06-28 13:01 1214464 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23385_none_9804383905f14ee5\urlmon.dll + 2012-08-15 06:35 . 2012-06-28 11:37 1212416 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.19298_none_9772cc5fecd91711\urlmon.dll - 2012-06-13 21:30 . 2012-06-13 21:30 1212416 c:\windows\System32\urlmon.dll + 2012-08-15 06:35 . 2012-06-28 11:37 1212416 c:\windows\System32\urlmon.dll + 2006-11-02 10:22 . 2012-08-15 15:15 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22 . 2012-08-15 07:56 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat + 2012-08-15 06:35 . 2012-06-28 11:32 6008320 c:\windows\System32\mshtml.dll + 2012-08-15 06:35 . 2012-06-28 11:31 2000384 c:\windows\System32\iertutil.dll - 2012-06-13 21:30 . 2012-06-13 21:30 2000384 c:\windows\System32\iertutil.dll + 2012-06-26 16:03 . 2012-06-26 16:03 3875840 c:\windows\Installer\5eb5dd.msp + 2012-07-18 13:53 . 2012-07-18 13:53 5009920 c:\windows\Installer\5eb551.msp - 2009-08-26 22:30 . 2012-07-11 11:08 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2009-08-26 22:30 . 2012-08-15 12:50 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2010-07-09 17:58 . 2012-08-15 12:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-07-09 17:58 . 2012-07-11 11:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-07-09 17:58 . 2012-07-11 11:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2010-07-09 17:58 . 2012-08-15 12:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2012-08-15 06:35 . 2012-06-28 12:54 11112960 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23385_none_47c38cfcdd466cdb\ieframe.dll + 2012-08-15 06:35 . 2012-06-28 11:31 11111424 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19298_none_47322123c42e3507\ieframe.dll + 2006-11-02 10:24 . 2012-08-15 12:48 59884088 c:\windows\System32\mrt.exe + 2012-08-15 06:35 . 2012-06-28 11:31 11111424 c:\windows\System32\ieframe.dll - 2012-06-13 21:30 . 2012-06-13 21:30 11111424 c:\windows\System32\ieframe.dll + 2012-07-25 14:59 . 2012-07-25 14:59 11032064 c:\windows\Installer\5eb5c4.msp + 2012-07-18 13:53 . 2012-07-18 13:53 10937344 c:\windows\Installer\5eb55a.msp + 2010-08-11 17:14 . 2012-08-15 12:47 225996031 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420] "TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] 2012-04-17 13:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant] 2008-12-08 10:25 432432 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\joost\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 07:19] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14] . 2009-11-28 c:\windows\Tasks\HPCeeScheduleForjoost.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-02 10:34] . 2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{49AEB752-B0B0-4B77-A499-E2576A7B59C7}.job - c:\windows\system32\msfeedssync.exe [2012-08-15 08:18] . . ------- Bijkomende Scan ------- . uStart Page = https://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-15 18:01 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2012-08-15 18:15:01 ComboFix-quarantined-files.txt 2012-08-15 16:14 ComboFix2.txt 2012-08-15 08:27 . Pre-Run: 72.042.926.080 bytes beschikbaar Post-Run: 71.712.514.048 bytes beschikbaar . - - End Of File - - DB5DEF0D6EBC71042F205345EBF8091B

Ben nu een Emsisoft Emergency Kit aan het uitvoeren. 1 item gevonden en verwijderd, hier volgt de log. Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 15-8-2012 10:41:43 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 15-8-2012 10:43:57 C:\Users\joost\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2a008613-626bb264 -> AppletX.class Ontdekt: JAVA.Small!E2 Gescand 647131 Gevonden 1 Scan geëindigd: 15-8-2012 12:18:44 Scantijd: 1:34:47 C:\Users\joost\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2a008613-626bb264 -> AppletX.class Verwijderd JAVA.Small!E2 Verwijderd 1

combofix log ComboFix 12-08-14.05 - joost 15-08-2012 10:11:16.2.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3002.1739 [GMT 2:00] Gestart vanuit: c:\users\joost\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\icon.ico c:\program files\DealPly\uninst.exe c:\users\joost\Documents\~WRL0497.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))) . . 2012-08-15 08:21 . 2012-08-15 08:21 -------- d-----w- c:\users\joost\AppData\Local\temp 2012-08-15 08:21 . 2012-08-15 08:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 15:46 . 2012-08-14 15:46 -------- d-----w- c:\users\joost\AppData\Roaming\Malwarebytes 2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\programdata\Malwarebytes 2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-14 15:45 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-14 10:30 . 2012-08-14 10:30 388096 ----a-r- c:\users\joost\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-14 06:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C1BCC19-0A1F-4162-B37C-07650A3BF9A0}\mpengine.dll 2012-08-11 07:52 . 2012-08-11 07:52 -------- d-----w- c:\windows\system32\aliedit 2012-08-11 07:51 . 2012-08-11 07:53 -------- d-----w- c:\program files\Trademanager 2012-08-11 07:39 . 2012-08-11 07:39 -------- d-----w- c:\users\joost\AppData\Local\Alibaba 2012-08-07 07:14 . 2012-08-07 07:14 -------- d-----w- c:\users\joost\AppData\Local\nptrademanager . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 07:19 . 2012-07-01 09:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-03 07:19 . 2011-05-13 05:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-13 21:30 . 2012-06-13 21:30 916992 ----a-w- c:\windows\system32\wininet.dll 2012-06-13 21:30 . 2012-06-13 21:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-06-13 21:30 . 2012-06-13 21:30 385024 ----a-w- c:\windows\system32\html.iec 2012-06-13 21:30 . 2012-06-13 21:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 21:30 . 2012-06-13 21:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-13 21:30 . 2012-06-13 21:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-13 21:30 . 2012-06-13 21:30 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-06-13 21:30 . 2012-06-13 21:30 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-06-13 21:29 . 2012-06-13 21:29 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 21:29 . 2012-06-13 21:29 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 21:29 . 2012-06-13 21:29 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 13:40 . 2012-07-11 11:09 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47 . 2012-07-11 06:18 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-11 06:18 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-11 06:18 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-25 07:47 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-25 07:47 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-25 07:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-25 07:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-25 07:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-25 07:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-25 07:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-25 07:46 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-25 07:46 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 00:04 . 2012-07-11 06:18 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-11 06:18 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 10:25 . 2010-08-06 10:07 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-30 11:50 . 2011-06-13 11:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420] "TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] 2012-04-17 13:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant] 2008-12-08 10:25 432432 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 07:19] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14] . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14] . 2009-11-28 c:\windows\Tasks\HPCeeScheduleForjoost.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-02 10:34] . 2012-08-14 c:\windows\Tasks\User_Feed_Synchronization-{49AEB752-B0B0-4B77-A499-E2576A7B59C7}.job - c:\windows\system32\msfeedssync.exe [2012-06-13 21:30] . . ------- Bijkomende Scan ------- . uStart Page = https://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q= . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKLM-Run-hpqSRMon - (no file) SafeBoot-Wdf01000.sys AddRemove-DealPly - c:\program files\DealPly\uninst.exe AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-15 10:21 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2012-08-15 10:27:33 ComboFix-quarantined-files.txt 2012-08-15 08:27 . Pre-Run: 73.018.286.080 bytes beschikbaar Post-Run: 72.925.102.080 bytes beschikbaar . - - End Of File - - DF02512EF368074FAE1CB25B0743DE85

Nou dit is allemaal gelukt! de politie heeft zich ook niet meer laten zien op mijn pc sinds gister:-). Maar ik heb nog een probleem..., tezamen met et politie virus kwamen er ook reclames door die automatisch openen in een nieuw scherm bijv.: http://www.hetmentaledieetplan.c ik dacht dat dit een geheel was en part of the problem was. Maar dit is dus blijkbaar niet zo want het virus is weg maar die reclames worden nog steeds geopend, kun je me hier iets voor aanraden Kape? Sinds dat dit allemaal begonnen is staan er ook veel meer vage icoontjes in mijn Mozilla browser. Hier in iedergeval een Hijackthis log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:34:46, on 15-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19272) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O15 - Trusted Zone: http://*.alipay.com O15 - Trusted Zone: http://*.alisoft.com O15 - Trusted Zone: http://*.taobao.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe -- End of file - 12843 bytes

Hijack log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:06:22, on 14-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19272) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O15 - Trusted Zone: http://*.alipay.com O15 - Trusted Zone: http://*.alisoft.com O15 - Trusted Zone: http://*.taobao.com O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe -- End of file - 14685 bytes Mbam log Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.14.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19272 joost :: PC_VAN_JOOST [administrator] Realtime bescherming: Ingeschakeld 14-8-2012 17:47:45 mbam-log-2012-08-14 (17-47-45).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 201905 Verstreken tijd: 6 minuut/minuten, 23 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Users\joost\0.3240672658911403.exe (Trojan.Ransom) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\joost\0.7353860679240953.exe (Trojan.Ransom) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Dit zou hem moeten zijn toch Kape? alleen nog een ccleaner draaien las ik in een ander topic

Dag Jion, Als het goed is moet deze het dan zijn! Btw mijn browser staat ook vol met rare icoontjes, alleen het brood nodige om browser te starten enzo mag blijven staan. ik zie veel namen van dingen die echt nutteloos denk ik. Edit± ik heb hem nu als admin uitgevoerd Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:51:55, on 14-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19272) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Trademanager\AliIM.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conime.exe C:\Program Files\Trademanager\miser\AliimSafe.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\WerCon.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [aliim] C:\Program Files\Trademanager\aliim.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O15 - Trusted Zone: http://*.alipay.com O15 - Trusted Zone: http://*.alisoft.com O15 - Trusted Zone: http://*.taobao.com O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe -- End of file - 16674 bytes

Hallo, Na dit rare verschijnsel een aantal keer mee gemaakt te hebben, ben ik gaan googlen. heb een Hijackthis gedraaid en gekeken naar andere topics over dit virus, maar zo te zien is het geen standaard lijstje van welke bestanden je moet verwijderen. om eerlijk te zijn ben ik bestwel een leek als ik de dingen hier lees, maar ik zou hulp dus echt waarderen. Logfile of HijackThis v1.99.1 Scan saved at 11:40:16, on 14-8-2012 Platform: Unknown Windows (WinNT 6.00.1906 SP2) MSIE: Internet Explorer v8.00 (8.00.6001.19272) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Trademanager\AliIM.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conime.exe C:\Program Files\Trademanager\miser\AliimSafe.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\joost\Downloads\hijackthis(1).exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid={15BCCE9D-24F5-11E1-B285-00238BE6914B} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [aliim] C:\Program Files\Trademanager\aliim.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O15 - Trusted Zone: http://*.alipay.com O15 - Trusted Zone: http://*.alisoft.com O15 - Trusted Zone: http://*.taobao.com O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.77\npchrome_frame.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)