Inajeetjemina

4 juli 2013

Best PC Help forum,

Heel hartelijk bedankt voor jullie hulp.

Het werkt weer prima!

4 juli 2013

Onderstaand de logfile van AdwCleaner:

# AdwCleaner v2.304 - Verslag gemaakt op 04/07/2013 om 20:04:39

# Geactualiseerd op 03/07/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : Gebruiker - HUISKAMER

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Gebruiker\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijderd : C:\END

File Verwijderd : C:\user.js

Map Verwijderd : C:\Program Files (x86)\1ClickDownload

Map Verwijderd : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Map Verwijderd : C:\Program Files (x86)\Conduit

Map Verwijderd : C:\Program Files (x86)\fbphotozoom

Map Verwijderd : C:\Program Files (x86)\Gophoto.it

Map Verwijderd : C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Map Verwijderd : C:\Program Files (x86)\Yontoo Layers Runtime

Map Verwijderd : C:\ProgramData\Babylon

Map Verwijderd : C:\ProgramData\InstallMate

Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast

Map Verwijderd : C:\ProgramData\Premium

Map Verwijderd : C:\ProgramData\Tarma Installer

Map Verwijderd : C:\Users\Gebruiker\AppData\Local\Conduit

Map Verwijderd : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl

Map Verwijderd : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Map Verwijderd : C:\Users\Gebruiker\AppData\Local\Ilivid Player

Map Verwijderd : C:\Users\Gebruiker\AppData\Local\PackageAware

Map Verwijderd : C:\Users\Gebruiker\AppData\LocalLow\BabylonToolbar

Map Verwijderd : C:\Users\Gebruiker\AppData\LocalLow\Conduit

Map Verwijderd : C:\Users\Gebruiker\AppData\LocalLow\PriceGong

Map Verwijderd : C:\Users\Gebruiker\AppData\LocalLow\wxDfast

Map Verwijderd : C:\Users\Gebruiker\AppData\Roaming\Babylon

Map Verwijderd : C:\Users\Gebruiker\AppData\Roaming\Claro LTD

Map Verwijderd : C:\Users\Gebruiker\AppData\Roaming\dvdvideosoftiehelpers

Map Verwijderd : C:\Users\Gebruiker\AppData\Roaming\OpenCandy

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\1ClickDownload

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Crossrider

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijderd : HKCU\Software\AppDataLow\SProtector

Sleutel Verwijderd : HKCU\Software\AutocompleteProBHO

Sleutel Verwijderd : HKCU\Software\Claro LTD

Sleutel Verwijderd : HKCU\Software\Conduit

Sleutel Verwijderd : HKCU\Software\DataMngr_Toolbar

Sleutel Verwijderd : HKCU\Software\ilivid

Sleutel Verwijderd : HKCU\Software\IM

Sleutel Verwijderd : HKCU\Software\ImInstaller

Sleutel Verwijderd : HKCU\Software\InstallCore

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{49F6515D-DA14-582A-B951-F5BC6691090A}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49F6515D-DA14-582A-B951-F5BC6691090A}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKCU\Software\OCS

Sleutel Verwijderd : HKCU\Software\Softonic

Sleutel Verwijderd : HKCU\Software\e6d9dfe069eb43

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Sleutel Verwijderd : HKLM\Software\Babylon

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\1ClicktorrentFile

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\1ClicktorrentFile1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\oneclick

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\oneclickmg

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3241951

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Sleutel Verwijderd : HKLM\Software\Conduit

Sleutel Verwijderd : HKLM\Software\DataMngr

Sleutel Verwijderd : HKLM\Software\IB Updater

Sleutel Verwijderd : HKLM\Software\Iminent

Sleutel Verwijderd : HKLM\Software\ImInstaller

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Sleutel Verwijderd : HKLM\Software\SP Global

Sleutel Verwijderd : HKLM\Software\SProtector

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{49F6515D-DA14-582A-B951-F5BC6691090A}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\e6d9dfe069eb43

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49F6515D-DA14-582A-B951-F5BC6691090A}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}

Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[s1].txt - [12476 octets] - [04/07/2013 20:04:39]

########## EOF - C:\AdwCleaner[s1].txt - [12537 octets] ##########

4 juli 2013

Hoi, onderstaand mijn ComboFix log:

ComboFix 13-07-03.01 - Gebruiker 03-07-2013 18:42:32.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.2431 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N106RNH\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\AutocompletePro

c:\program files (x86)\AutocompletePro\AutocompletePro.dll

c:\program files (x86)\AutocompletePro\FireFoxExtension.exe

c:\program files (x86)\AutocompletePro\InstTracker.exe

c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest

c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul

c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js

c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul

c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js

c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js

c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf

c:\program files (x86)\AutocompletePro\unins000.dat

c:\program files (x86)\AutocompletePro\unins000.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload

c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload\Uninstall.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload\wxDownload.lnk

c:\programdata\wxDownload

c:\programdata\wxDownload\509bee139c8af.ocx

c:\programdata\wxDownload\509bee139c8e7.html

c:\programdata\wxDownload\509bee139c920.js

c:\programdata\wxDownload\cahhkoggdbfcdlemeebgpmcipcmkmiee.crx

c:\programdata\wxDownload\data\509bee139c920.js

c:\programdata\wxDownload\data\jsondb.js

c:\programdata\wxDownload\settings.ini

c:\programdata\wxDownload\uninstall.exe

c:\windows\PFRO.log

c:\windows\SysWow64\muzapp.exe

D:\install.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-06-03 to 2013-07-03 ))))))))))))))))))))))))))))))

.

2013-07-01 17:57 . 2013-07-01 17:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2013-07-01 17:57 . 2013-07-01 17:57 -------- d-----w- c:\programdata\Malwarebytes

2013-07-01 17:57 . 2013-07-01 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-07-01 17:57 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-01 17:56 . 2013-07-01 17:56 -------- d-----w- c:\users\Gebruiker\AppData\Local\Programs

2013-07-01 17:43 . 2013-07-01 17:43 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-06-18 17:41 . 2013-06-18 17:41 -------- d-----w- c:\program files (x86)\Trend Micro

2013-06-13 18:53 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2013-06-13 18:28 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-13 18:54 . 2011-12-16 21:22 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-06-13 18:52 . 2012-05-01 17:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-13 18:52 . 2011-12-15 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 11:13 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-04 17:40 . 2013-05-04 17:40 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-04 17:40 . 2013-05-04 17:40 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-04 17:40 . 2013-05-04 17:40 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-04 17:40 . 2013-05-04 17:40 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-04 17:40 . 2013-05-04 17:40 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-04 17:40 . 2013-05-04 17:40 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-04 17:40 . 2013-05-04 17:40 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-04 17:40 . 2013-05-04 17:40 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-04 17:40 . 2013-05-04 17:40 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-04 17:40 . 2013-05-04 17:40 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-04 17:40 . 2013-05-04 17:40 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-04 17:40 . 2013-05-04 17:40 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-04 17:40 . 2013-05-04 17:40 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-04 17:40 . 2013-05-04 17:40 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-04 17:40 . 2013-05-04 17:40 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-04 17:40 . 2013-05-04 17:40 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-04 17:40 . 2013-05-04 17:40 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-04 17:40 . 2013-05-04 17:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-04 17:40 . 2013-05-04 17:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-04 17:40 . 2013-05-04 17:40 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-04 17:40 . 2013-05-04 17:40 441856 ----a-w- c:\windows\system32\html.iec

2013-05-04 17:40 . 2013-05-04 17:40 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-04 17:40 . 2013-05-04 17:40 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-04 17:40 . 2013-05-04 17:40 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-04 17:40 . 2013-05-04 17:40 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-04 17:40 . 2013-05-04 17:40 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-04 17:40 . 2013-05-04 17:40 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-04 17:40 . 2013-05-04 17:40 235008 ----a-w- c:\windows\system32\url.dll

2013-05-04 17:40 . 2013-05-04 17:40 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-04 17:40 . 2013-05-04 17:40 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-04 17:40 . 2013-05-04 17:40 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-04 17:40 . 2013-05-04 17:40 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-04 17:40 . 2013-05-04 17:40 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-04 17:40 . 2013-05-04 17:40 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-04 17:40 . 2013-05-04 17:40 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-04 17:40 . 2013-05-04 17:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-04 17:40 . 2013-05-04 17:40 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-04 17:40 . 2013-05-04 17:40 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-04 17:40 . 2013-05-04 17:40 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-04 17:40 . 2013-05-04 17:40 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-04 17:40 . 2013-05-04 17:40 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-04 17:40 . 2013-05-04 17:40 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-04 17:40 . 2013-05-04 17:40 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-04 17:40 . 2013-05-04 17:40 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-04 17:40 . 2013-05-04 17:40 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-04 17:40 . 2013-05-04 17:40 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-04 17:40 . 2013-05-04 17:40 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-04 17:40 . 2013-05-04 17:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-04 17:40 . 2013-05-04 17:40 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-14 17:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 17:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 17:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 17:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 17:25 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 17:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-25 14:55 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-14 17:25 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-14 17:25 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-14 17:25 3153920 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]

.

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\WXDOWN~1\sprotector.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130620.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [x]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130628.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130628.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

Inhoud van de 'Gedeelde Taken' map

.

2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:52]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.startpagina.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

BHO-{49F6515D-DA14-582A-B951-F5BC6691090A} - c:\programdata\wxDownload\509bee139c8af.ocx

Wow6432Node-HKCU-Run-Smart Driver Updater - c:\program files (x86)\Smart Driver Updater\SDULauncher.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-RunServicesOnce-capscanuninstall - c:\windows\command.com

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{296AA17D-C89E-4242-A5A4-44BFE76914A2} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe

AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - c:\programdata\wxDownload\uninstall.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-07-03 19:07:31

ComboFix-quarantined-files.txt 2013-07-03 17:07

.

Pre-Run: 43.615.383.552 bytes beschikbaar

Post-Run: 43.781.255.168 bytes beschikbaar

.

- - End Of File - - 29F43D8D6A46D7DE370F74084BC3DA74

A36C5E4F47E84449FF07ED3517B43A31

3 juli 2013

Hoi, daar was ik weer.

Ik heb ComboFix uitgevoerd en ik kan nu weer PDF-jes openen vanaf een internet site.

Ontzettend hartelijk dank voor jullie inmenging.

1 juli 2013

Hoi,

Onderstaand de goede log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:02:21, on 1-7-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16611)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl | Jouw startpagina voor weer, verkeer en meer

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll

O2 - BHO: wxDownload - {49F6515D-DA14-582A-B951-F5BC6691090A} - C:\ProgramData\wxDownload\509bee139c8af.ocx

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\Windows\command.com" /c del "C:\Users\GEBRUI~1\AppData\Local\Temp\uninstal.exe"

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [smart Driver Updater] C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe

O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18N332HG05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~2\wxdown~1\sprote~1.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8954 bytes

1 juli 2013

Hoi daar ben ik dan (eindelijk). Ik durfde niet zo goed

Onderstaand mijn log-jes:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.07.01.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Gebruiker :: HUISKAMER [administrator]

Bescherming: Ingeschakeld

1-7-2013 19:58:35

mbam-log-2013-07-01 (19-58-35).txt

Scan type: Snelle scan

Uitgeschakelde scan opties: P2P

Objecten gescand: 255849

Verstreken tijd: 4 minuut/minuten, 10 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 1

C:\ProgramData\WxDFast\bhoclass.dll (PUP.wxDfast) -> Zal worden verwijderd tijdens het herstarten.

Registersleutels gedetecteerd: 7

HKCR\CLSID\{2A6A062E-E1DB-697F-DC87-8714EB6E48F2} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A6A062E-E1DB-697F-DC87-8714EB6E48F2} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A6A062E-E1DB-697F-DC87-8714EB6E48F2} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A6A062E-E1DB-697F-DC87-8714EB6E48F2} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 2

C:\ProgramData\WxDFast (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\data (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 12

C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\WxDFast.exe (Trojan.Dropper) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\background.html (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\albmplgckgfoakmnodjgmegclmdebkje.crx (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\bhoclass.dll (PUP.wxDfast) -> Zal worden verwijderd tijdens het herstarten.

C:\ProgramData\WxDFast\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\profile.ini (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\settings.ini (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\uninstall.exe (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\WxDFast.exe (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\data\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\WxDFast\data\jsondb.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:48:53, on 18-6-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16611)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl | Jouw startpagina voor weer, verkeer en meer

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll

O2 - BHO: wxDfast - {2A6A062E-E1DB-697F-DC87-8714EB6E48F2} - C:\ProgramData\wxDfast\bhoclass.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: wxDownload - {49F6515D-DA14-582A-B951-F5BC6691090A} - C:\ProgramData\wxDownload\509bee139c8af.ocx

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll