Aquaman

Member
  • Items

    35

Everything posted by Aquaman

  1. Dear Jion, here is the requested log: [ATTACH]36347[/ATTACH] Regards, Aquaman zoek-results.txt
  2. Dear Jion, sorry for the misunderstanding. Here is the correct file. Hopefully you can give us good news soon. zoek-results.log
  3. Dear Jion, thanks for the quick response. You can already find the ADWCleaner log file in my first post. The RSIT log file is here: [ATTACH]36322[/ATTACH] Hopefully you can help me (and in fact my partner) soon. log.txt
  4. Hello, my partner has picked up malware on her PC. She gets various underlined words that link to all kinds of advertising, and her PC has also become very slow. I have already run ADWCleaner on her PC and this is the result: [ATTACH]36321[/ATTACH] I would like help removing this malware. Thank you. AdwCleaner[R0].txt
  5. Dear kape, below is the log of the last operation. Regards, Aquaman
  6. Dear Kape, here is the log file. Yesterday I had problems printing; I had to reinstall the printer. Is this caused by the actions that were carried out, or is it a coincidence?
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Suite] 2009-10-01 06:36 3144736 ----a-w- c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe . R1 MpKsl148f2eef;MpKsl148f2eef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85DBA74C-6511-4122-AA75-2EEDAF3A76DC}\MpKsl148f2eef.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-12-15 37632] R3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [2012-08-11 24880] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 83168] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2013-02-22 134144] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 MyScrapNook_12Service;My Scrap NookService;c:\progra~1\MYSCRA~2\bar\1.bin\12barsvc.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 66776] S1 NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899);c:\windows\system32\Drivers\NEOFLTR_700_16899.SYS [2010-10-23 84336] S2 
aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336] S2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [2009-04-06 1002016] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-08-10 5120] S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] . . Inhoud van de 'Gedeelde Taken' map . 2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:26] . 2013-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3323627426-1777380327-1123927095-1001Core.job - c:\users\Luce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 08:14] . 2013-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3323627426-1777380327-1123927095-1001UA.job - c:\users\Luce\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 08:14] . . ------- Bijkomende Scan ------- . 
mStart Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Nieuwe notitie - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: Toevoegen aan Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html Trusted Zone: fortis.com\PC Helpforum - Gratis hulp bij computer problemen TCP: DhcpNameServer = 195.130.131.1 195.130.130.129 FF - ProfilePath - c:\users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?pli=1&gsessionid=6vVdNTGRbIVUtlBQx_9RsQ|iGoogle FF - ExtSQL: 2013-06-01 09:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; 
c:\users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-07-08 22:46; lspeaker@lyricsspeaker.net; c:\program files\LyricsSpeaker\120.xpi . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) c:\users\Bart & Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr AddRemove-AND Route 2000 Benelux - c:\windows\IsUn0413.exe AddRemove-SP_09b71135 - c:\program files\ContinueToSave\uninstall.exe AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-07-24 08:19:55 ComboFix-quarantined-files.txt 2013-07-24 06:19 . Pre-Run: 86.782.849.024 bytes beschikbaar Post-Run: 86.514.913.280 bytes beschikbaar . - - End Of File - - 281C7AB4E24F69169C480BDBFA6763CC A36C5E4F47E84449FF07ED3517B43A31
  7. Yes, unfortunately there is still no improvement on that front.
  8. # AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:52:15 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Luce - LUCE-PC # Boot Mode : Normal # Running from : C:\Users\Luce\Downloads\adwcleaner(1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml File Deleted : C:\Program Files\mozilla firefox\searchplugins\Web Search.xml File Deleted : C:\user.js File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\searchplugins\Web Search.xml File Deleted : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\searchplugins\Web Search.xml File Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\searchplugins\Web Search.xml Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\continuetosave Folder Deleted : C:\Program Files\DealPly Folder Deleted : C:\Program Files\FreeRIP Folder Deleted : C:\Program Files\FunWebProducts Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Folder Deleted : C:\Program Files\MyScrapNook_12 Folder Deleted : C:\Program Files\MyWebSearch Folder Deleted : C:\Program Files\SimilarSites Folder Deleted : C:\Program Files\SingAlong Folder Deleted : C:\Program Files\TornTV.com Folder Deleted : C:\Program Files\WebSearch Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\coNtinuuetosave Folder Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coNtinuuetosave Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe Saave Folder Deleted : C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Searchh-NewwTab Folder Deleted : C:\ProgramData\safe Saave Folder Deleted : C:\ProgramData\Searchh-NewwTab Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\extensions\12ffxtbr@MyScrapNook_12.com Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\Bandoo Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\MyScrapNook_12 Folder Deleted : C:\Users\Bart & Leen\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Bart & Leen\AppData\Roaming\Bandoo Folder Deleted : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\extensions\12ffxtbr@MyScrapNook_12.com Folder Deleted : C:\Users\Luce\AppData\Local\Babylon Folder Deleted : C:\Users\Luce\AppData\Local\Conduit Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbhjckenkljnlhmgajgemiofdjaimac Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\keenikhmdmiojiplippboobhdhcjlpph Folder Deleted : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfioajkdjpmjppobphackojlflgalfbe Folder Deleted : C:\Users\Luce\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Luce\AppData\Local\iMesh Folder Deleted : C:\Users\Luce\AppData\Local\MyScrapNook_12 Folder Deleted : C:\Users\Luce\AppData\Local\PackageAware Folder Deleted : C:\Users\Luce\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Luce\AppData\LocalLow\Bandoo Folder Deleted : C:\Users\Luce\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Luce\AppData\LocalLow\coNtinuuetosave Folder Deleted : C:\Users\Luce\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Luce\AppData\LocalLow\MyScrapNook_12 Folder Deleted : C:\Users\Luce\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Luce\AppData\LocalLow\PriceGong Folder Deleted : 
C:\Users\Luce\AppData\LocalLow\safe Saave Folder Deleted : C:\Users\Luce\AppData\LocalLow\Searchh-NewwTab Folder Deleted : C:\Users\Luce\AppData\LocalLow\searchquband Folder Deleted : C:\Users\Luce\AppData\LocalLow\SimplyTech Folder Deleted : C:\Users\Luce\AppData\Roaming\Babylon Folder Deleted : C:\Users\Luce\AppData\Roaming\Bandoo Folder Deleted : C:\Users\Luce\AppData\Roaming\ExpressFiles Folder Deleted : C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\extensions\12ffxtbr@MyScrapNook_12.com Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\fjv0aa@hbxzfyf.org Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\oyiiagw5hxrz@htbie.co.uk Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\extensions\rude5@eyiaini.com Folder Deleted : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\jetpack Folder Deleted : C:\Users\Luce\AppData\Roaming\NCdownloader Folder Deleted : C:\Users\Luce\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Luce\AppData\Roaming\SimilarSites ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\contin~1\sprote~1.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\ExpressFiles Key Deleted 
: HKCU\Software\IGearSettings Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Imesh Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754E-4E7D-4589-829D-E2523E6A3085} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65F159FB-5F5E-46F4-B45D-CCFA236D2073} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77769D93-C606-2855-121F-988EF6B93401} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B8007C11-6C11-6EAF-15D8-309768F2942C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77769D93-C606-2855-121F-988EF6B93401} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8007C11-6C11-6EAF-15D8-309768F2942C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F} Key Deleted : HKCU\Software\MyWebSearch Key Deleted : HKCU\Software\PIP Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Bandoo Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Key Deleted : 
HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214754E-4E7D-4589-829D-E2523E6A3085} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65F159FB-5F5E-46F4-B45D-CCFA236D2073} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77769D93-C606-2855-121F-988EF6B93401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8007C11-6C11-6EAF-15D8-309768F2942C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBC82358-891D-AF9A-B1CC-1E5FDD31DE9F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE6F06FB-0FC0-4499-828F-EE48088F504F} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849859 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\ExpressFiles Key Deleted : HKLM\Software\FocusInteractive Key Deleted : HKLM\Software\Fun Web Products Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754E-4E7D-4589-829D-E2523E6A3085} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65F159FB-5F5E-46F4-B45D-CCFA236D2073} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} Key Deleted : HKLM\Software\MyWebSearch Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\Tarma Installer Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
[{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = 
hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=44393&st=bs&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q=%s --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=44393&st=bs&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q=%s --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> 
hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN&cc=BE --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts=1368279163388&tguid=44393-3786-1368279163388-FA3C67FF12B1D19CCD43F32DDA905E96&q= --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (nl) File : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\prefs.js C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\i56pb4nz.default\user.js ... Deleted ! Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...] Deleted : user_pref("browser.search.defaultenginename", "Web Search"); Deleted : user_pref("browser.search.defaultengine", "Web Search"); Deleted : user_pref("browser.search.selectedEngine", "Web Search"); Deleted : user_pref("browser.search.order.1", "Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786[...] Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...] File : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\prefs.js C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\ukec3ixn.default\user.js ... Deleted ! 
Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...] Deleted : user_pref("browser.search.defaultengine", "Web Search"); Deleted : user_pref("browser.search.defaultenginename", "WebSearch"); Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch"); Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=5[...] Deleted : user_pref("browser.search.order.1", "WebSearch"); Deleted : user_pref("browser.search.order.1,S", "WebSearch"); Deleted : user_pref("browser.search.selectedEngine", "WebSearch"); Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch"); Deleted : user_pref("extensions.519716e27a9c8.scode", "if(window.top==window.self){new function(){if(!document[...] Deleted : user_pref("extensions.5197170f8c5f3.scode", "if (window.self.location.protocol.indexOf('hxxp') > -1 [...] Deleted : user_pref("extensions.51bdbb6e3fa15.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...] Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 22); Deleted : user_pref("extensions.BabylonToolbar.cntry", "BE"); Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "533B4F3A551BAC473688AFC1AC38DBD7"); Deleted : user_pref("extensions.BabylonToolbar.lastActv", "22"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 22); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.30.021:00:44"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60509069); Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...] 
Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); File : C:\Users\Bart & Leen\AppData\Roaming\Mozilla\Firefox\Profiles\96kg30ij.default\prefs.js Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.2.0.3"); Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...] 
Deleted : user_pref("browser.search.defaultengine", "Web Search"); Deleted : user_pref("browser.search.defaultenginename", "Web Search"); Deleted : user_pref("browser.search.order.1", "Web Search"); Deleted : user_pref("browser.search.selectedEngine", "Web Search"); Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 16); Deleted : user_pref("extensions.BabylonToolbar.cntry", "BE"); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "6BD884D4615D094FF87CA8E7BA4E78F8"); Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=100512[...] Deleted : user_pref("extensions.BabylonToolbar.lastActv", "5"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 16); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "18.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 96913476); Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb"); Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...] 
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sztsgv0g.default\prefs.js Deleted : user_pref("browser.search.defaultenginename", "Web Search"); Deleted : user_pref("browser.search.defaultengine", "Web Search"); Deleted : user_pref("browser.search.selectedEngine", "Web Search"); Deleted : user_pref("browser.search.order.1", "Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=44393&st=home&tid=3786[...] Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=44393&st=newtab&tid=3786&ver[...] Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=44393&st=chrome&tid=3786&ver=2.9&ts[...] -\\ Google Chrome v [unable to get version] File : C:\Users\Luce\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.407] : homepage = "hxxp://websearch.pu-results.info/?pid=708&r=2013/05/18&hid=588773379&lg=EN&cc=BE", File : C:\Users\Bart & Leen\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.1] : homepage ={"plugins":{"plugins_list":[{"name":"Chrome PDF Viewer", "version":"", "path":"C:\\Program Files\\Go[...] 
*************************

AdwCleaner[R1].txt - [36660 octets] - [22/07/2013 19:38:19]
AdwCleaner[R2].txt - [35169 octets] - [23/07/2013 11:50:55]
AdwCleaner[s1].txt - [30849 octets] - [23/07/2013 11:52:15]

########## EOF - C:\AdwCleaner[s1].txt - [30910 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:59, on 23/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Stickies\stickies.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user') O4 - Startup: Dropbox.lnk = Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Convert link target to Adobe PDF 
- res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html O8 - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program 
Files\SimilarWeb\SimilarWeb.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.employee-access.fortis.com/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - 
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - 
Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

-- End of file - 12372 bytes
  9. Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:10, on 23/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Luce\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste
nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Certified-Toolbar Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Certified-Toolbar Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Certified-Toolbar Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Certified-Toolbar Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file) R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll O3 - Toolbar: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [F.lux] "C:\Users\Luce\Local Settings\Apps\F.lux\flux.exe" /noshow O4 - HKCU\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\Luce\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user') O4 - Startup: Dropbox.lnk = Luce\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: EvernoteClipper.lnk = C:\Program 
Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files\SimilarWeb\SimilarWeb.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.employee-access.fortis.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
-- End of file - 16085 bytes
  10. My partner is troubled by this phenomenon on her PC: MonsterMarketPlace. How do I help her get rid of it? A quick solution would be appreciated, thank you.