microsoft office outlook 2007

[lud]

Hey Kape,

Het heeft wel wat voeten in de aarde gehad. Veel plezier met nazien van dit logje, want de logjes worden alsmaar langer.

Grtz

LUD

ComboFix 12-07-31.03 - ikke 01/08/2012 21:27:13.3.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3838.2036 [GMT 2:00]

Gestart vanuit: c:\users\ikke\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\ikke\Desktop\CFScript.txt.txt

AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ikke\AppData\Local\Temp\{0A7ABC49-AE2A-4EC2-A0C9-55D438C3AC22}\fpb.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-01 to 2012-08-01 ))))))))))))))))))))))))))))))

.

.

2012-08-01 19:41 . 2012-08-01 19:41 -------- d-----w- c:\users\Stonne\AppData\Local\temp

2012-08-01 19:41 . 2012-08-01 19:41 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-08-01 19:41 . 2012-08-01 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-01 18:36 . 2012-08-01 18:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872E2EDE-0A4C-4B42-9EAC-F8083A34F325}\offreg.dll

2012-07-31 21:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872E2EDE-0A4C-4B42-9EAC-F8083A34F325}\mpengine.dll

2012-07-30 16:56 . 2012-07-16 12:25 18856 ----a-w- c:\windows\system32\roboot64.exe

2012-07-29 12:30 . 2012-07-29 12:30 388096 ----a-r- c:\users\ikke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-29 12:30 . 2012-07-29 12:30 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\users\ikke\AppData\Roaming\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\programdata\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-29 11:38 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 17:58 . 2012-07-28 17:58 -------- d-----w- c:\users\ikke\AppData\Local\IsolatedStorage

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\Media Player Classic

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Essentials Codec Pack

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Yontoo

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\programdata\Tarma Installer

2012-07-27 20:29 . 2012-07-27 20:29 -------- d-----w- c:\users\ikke\AppData\Roaming\Nullsoft

2012-07-27 20:18 . 2012-07-27 20:18 -------- d-----w- c:\programdata\VistaCodecs

2012-07-27 17:32 . 2012-07-27 17:31 268784 ----a-w- c:\windows\system32\javaws.exe

2012-07-27 17:32 . 2012-07-27 17:31 189424 ----a-w- c:\windows\system32\javaw.exe

2012-07-27 17:32 . 2012-07-27 17:31 188912 ----a-w- c:\windows\system32\java.exe

2012-07-27 17:31 . 2012-07-27 17:31 -------- d-----w- c:\program files\Java

2012-07-26 12:44 . 2012-07-27 17:31 955888 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-26 12:44 . 2012-07-27 17:31 839152 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-25 12:19 . 2012-07-25 12:19 -------- d-----w- c:\users\ikke\AppData\Local\Deployment

2012-07-15 15:57 . 2012-07-16 22:09 -------- d-----w- c:\program files (x86)\Fried Cookie

2012-07-15 14:04 . 2012-07-15 14:06 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-11 22:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 19:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-09 12:15 . 2012-04-22 11:51 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 17:46 . 2011-03-22 16:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-07-27 17:46 . 2011-07-06 08:00 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-07-13 11:16 . 2012-04-04 17:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-13 11:16 . 2011-05-15 11:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 22:40 . 2010-11-08 22:48 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-30 12:35 . 2011-05-18 21:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-06-30 12:35 . 2011-07-08 07:34 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-06-02 22:19 . 2012-06-22 08:39 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 08:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 08:40 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 08:40 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 08:39 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 08:40 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 08:39 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 08:39 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 08:39 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-11-08 18:09 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 20:27 . 2012-04-14 18:27 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06 . 2012-06-14 09:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 11:00 . 2012-06-28 16:39 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-05-04 10:03 . 2012-06-14 09:55 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 09:55 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-04 09:59 . 2012-06-28 16:39 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-30_17.52.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-08 18:15 . 2012-08-01 18:37 65810 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-01 18:37 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-07-30 15:34 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-08 17:53 . 2012-08-01 18:37 19552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3824495805-1637897825-2228832835-1000_UserData.bin

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-18 23:30 . 2012-08-01 07:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-18 23:30 . 2012-08-01 07:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-18 23:30 . 2012-08-01 07:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-12 12:52 . 2012-07-27 17:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 12:52 . 2012-07-31 21:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-01 18:34 . 2012-08-01 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-01 18:34 . 2012-08-01 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-30 15:30 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-01 18:32 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 7570770 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2682926 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 2398640 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2082350 c:\windows\system32\perfc009.dat

+ 2012-02-09 18:09 . 2012-08-01 08:34 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

- 2012-02-09 18:09 . 2012-07-30 15:30 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-22 611712]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\program files (x86)\ARO 2012\aro.exe" [2012-01-06 2552688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-04-28 44672]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-16 1038088]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

FF - ProfilePath - c:\users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - %profile%\extensions\belgiumeid@eid.belgium.be

FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync

FF - user.js: extensions.BabylonToolbar_i.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.hardId - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15382

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extentions.y2layers.installId - b8398f69-7f47-4c7e-a999-0da58369cae5

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar.instlDay - 15548

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.122:36

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tl=gkn37560&tt=3012_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{88AC3CB6-596B-4217-964C-B6757EF9602D} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,

55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3

"{E634228A-03CF-4BC8-B0AB-668257F1FD8C}"=hex:51,66,7a,6c,4c,1d,38,12,e4,21,27,

e2,fd,4d,a6,0e,cf,bd,25,c2,52,af,b9,98

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,

17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06

"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,

37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a

"{88AC3CB6-596B-4217-964C-B6757EF9602D}"=hex:51,66,7a,6c,4c,1d,38,12,d8,3f,bf,

8c,59,17,79,07,e9,5a,f5,35,7b,a7,24,39

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,

03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,

5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,

e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,

f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a0,51,ee,04,58,08,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-01 21:46:56

ComboFix-quarantined-files.txt 2012-08-01 19:46

ComboFix2.txt 2012-08-01 18:29

ComboFix3.txt 2012-07-30 18:03

.

Pre-Run: 345.518.055.424 bytes beschikbaar

Post-Run: 345.445.969.920 bytes beschikbaar

.

- - End Of File - - B0B03E8CBCDC2BFA4B2BE137B3394282

[kape]

Lange logjes of niet ... dat bekijken we wel Maar we moeten vaststellen dat dit niet gewerkt heeft. Je hebt het scriptje een foute naam gegeven : c:\users\ikke\Desktop\CFScript.txt.txt en dan zet dit Combofix niet opnieuw in werking. De juiste naam van het scriptje moet CFScript.txt zijn.Dit sleep je dan in de snelkoppeling van Combofix en dan zou het de aangegeven opdrachten wél moeten uitvoeren.

[lud]

Hey,

Een nieuwe poging CFScript.txt.

Grtz

Lud

ComboFix 12-07-31.03 - ikke 02/08/2012 13:50:54.4.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3838.1998 [GMT 2:00]

Gestart vanuit: c:\users\ikke\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\ikke\Desktop\CFScript.txt

AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ikke\AppData\Local\Temp\{0EDCE126-E052-4AD2-A5D9-4C39FF8957DB}\fpb.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))

.

.

2012-08-02 12:04 . 2012-08-02 12:04 -------- d-----w- c:\users\Stonne\AppData\Local\temp

2012-08-02 12:04 . 2012-08-02 12:04 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-08-02 12:04 . 2012-08-02 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-02 11:31 . 2012-08-02 11:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872E2EDE-0A4C-4B42-9EAC-F8083A34F325}\offreg.dll

2012-07-31 21:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872E2EDE-0A4C-4B42-9EAC-F8083A34F325}\mpengine.dll

2012-07-30 16:56 . 2012-07-16 12:25 18856 ----a-w- c:\windows\system32\roboot64.exe

2012-07-29 12:30 . 2012-07-29 12:30 388096 ----a-r- c:\users\ikke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-29 12:30 . 2012-07-29 12:30 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\users\ikke\AppData\Roaming\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\programdata\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-29 11:38 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 17:58 . 2012-07-28 17:58 -------- d-----w- c:\users\ikke\AppData\Local\IsolatedStorage

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\Media Player Classic

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Essentials Codec Pack

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Yontoo

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\programdata\Tarma Installer

2012-07-27 20:29 . 2012-07-27 20:29 -------- d-----w- c:\users\ikke\AppData\Roaming\Nullsoft

2012-07-27 20:18 . 2012-07-27 20:18 -------- d-----w- c:\programdata\VistaCodecs

2012-07-27 17:32 . 2012-07-27 17:31 268784 ----a-w- c:\windows\system32\javaws.exe

2012-07-27 17:32 . 2012-07-27 17:31 189424 ----a-w- c:\windows\system32\javaw.exe

2012-07-27 17:32 . 2012-07-27 17:31 188912 ----a-w- c:\windows\system32\java.exe

2012-07-27 17:31 . 2012-07-27 17:31 -------- d-----w- c:\program files\Java

2012-07-26 12:44 . 2012-07-27 17:31 955888 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-26 12:44 . 2012-07-27 17:31 839152 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-25 12:19 . 2012-07-25 12:19 -------- d-----w- c:\users\ikke\AppData\Local\Deployment

2012-07-15 15:57 . 2012-07-16 22:09 -------- d-----w- c:\program files (x86)\Fried Cookie

2012-07-15 14:04 . 2012-07-15 14:06 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-11 22:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 19:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-09 12:15 . 2012-04-22 11:51 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 17:46 . 2011-03-22 16:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-07-27 17:46 . 2011-07-06 08:00 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-07-13 11:16 . 2012-04-04 17:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-13 11:16 . 2011-05-15 11:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 22:40 . 2010-11-08 22:48 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-30 12:35 . 2011-05-18 21:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-06-30 12:35 . 2011-07-08 07:34 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-06-02 22:19 . 2012-06-22 08:39 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 08:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 08:40 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 08:40 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 08:39 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 08:40 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 08:39 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 08:39 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 08:39 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-11-08 18:09 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 20:27 . 2012-04-14 18:27 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-30_17.52.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-31 22:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-08 18:15 . 2012-08-02 11:32 65882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-02 11:32 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-07-30 15:34 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-08 17:53 . 2012-08-02 11:32 19552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3824495805-1637897825-2228832835-1000_UserData.bin

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-18 23:30 . 2012-08-02 11:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-18 23:30 . 2012-08-02 11:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-18 23:30 . 2012-08-02 11:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-12 12:52 . 2012-07-27 17:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 12:52 . 2012-07-31 21:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 11:30 . 2012-08-02 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 11:30 . 2012-08-02 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-30 15:30 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-01 21:39 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 7570770 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2682926 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 2398640 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2082350 c:\windows\system32\perfc009.dat

+ 2012-02-09 18:09 . 2012-08-01 21:39 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

- 2012-02-09 18:09 . 2012-07-30 15:30 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-22 611712]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\program files (x86)\ARO 2012\aro.exe" [2012-01-06 2552688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-04-28 44672]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-16 1038088]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

FF - ProfilePath - c:\users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - %profile%\extensions\belgiumeid@eid.belgium.be

FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync

FF - user.js: extensions.BabylonToolbar_i.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.hardId - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15382

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extentions.y2layers.installId - b8398f69-7f47-4c7e-a999-0da58369cae5

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar.instlDay - 15548

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.122:36

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tl=gkn37560&tt=3012_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{88AC3CB6-596B-4217-964C-B6757EF9602D} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,

55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3

"{E634228A-03CF-4BC8-B0AB-668257F1FD8C}"=hex:51,66,7a,6c,4c,1d,38,12,e4,21,27,

e2,fd,4d,a6,0e,cf,bd,25,c2,52,af,b9,98

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,

17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06

"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,

37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a

"{88AC3CB6-596B-4217-964C-B6757EF9602D}"=hex:51,66,7a,6c,4c,1d,38,12,d8,3f,bf,

8c,59,17,79,07,e9,5a,f5,35,7b,a7,24,39

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,

03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,

5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,

e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,

f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a0,51,ee,04,58,08,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-02 14:10:50

ComboFix-quarantined-files.txt 2012-08-02 12:10

ComboFix2.txt 2012-08-01 19:46

ComboFix3.txt 2012-08-01 18:29

ComboFix4.txt 2012-07-30 18:03

.

Pre-Run: 346.219.655.168 bytes beschikbaar

Post-Run: 346.134.937.600 bytes beschikbaar

.

- - End Of File - - 78328B534CF5A51A579DB34EEA861B84

[kape]

Dit lijkt - om onduidelijk redenen - niet gelukt te zijn. Wil je hetzelfde nog eens herhalen in "veilige modus".

[lud]

Hey Kape,

Wanneer ik in veilige modus CFSript.txt in het progje combofix sleep, start dat normaal op, maar wanneer het progje in het blauwe scherm komt, krijg ik een melding dat de titel van CFScript.txt niet de juiste titel is, en met alleen maar de mogelijkheid om ok te klikken. Het progje verdwijnt dan en er gebeurt niets meer.

Grtz

lud

4 augustus 2012 aangepast door lud

[kape]

Combofix zit nu in Downloads. Kan je de snelkoppeling eens verplaatsen naar je bureaublad en daar ook het scriptje op zetten. En dan het scriptje daar in de snelkoppeling slepen.

[lud]

Hey K.

Gedaan zoals gevraagd, en hierna het resultaat.

ComboFix 12-08-05.02 - ikke 05/08/2012 13:06:25.5.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3838.2134 [GMT 2:00]

Gestart vanuit: c:\users\ikke\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\ikke\Desktop\CFScript.txt

AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ikke\AppData\Local\Temp\{F435FFDC-B8E8-46FA-9EAF-175E697862BD}\fpb.tmp

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-05 to 2012-08-05 ))))))))))))))))))))))))))))))

.

.

2012-08-05 11:21 . 2012-08-05 11:21 -------- d-----w- c:\users\Stonne\AppData\Local\temp

2012-08-05 11:21 . 2012-08-05 11:21 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-08-05 11:21 . 2012-08-05 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-05 10:52 . 2012-08-05 10:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1355C838-2A92-40FA-A009-C2AC89ACAE0B}\offreg.dll

2012-08-04 18:57 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1355C838-2A92-40FA-A009-C2AC89ACAE0B}\mpengine.dll

2012-07-30 16:56 . 2012-07-16 12:25 18856 ----a-w- c:\windows\system32\roboot64.exe

2012-07-29 12:30 . 2012-07-29 12:30 388096 ----a-r- c:\users\ikke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-29 12:30 . 2012-07-29 12:30 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\users\ikke\AppData\Roaming\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\programdata\Malwarebytes

2012-07-29 11:38 . 2012-07-29 11:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-29 11:38 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 17:58 . 2012-07-28 17:58 -------- d-----w- c:\users\ikke\AppData\Local\IsolatedStorage

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\Media Player Classic

2012-07-27 20:37 . 2012-07-27 20:37 -------- d-----w- c:\users\ikke\AppData\Roaming\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\BabylonToolbar

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Essentials Codec Pack

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\program files (x86)\Yontoo

2012-07-27 20:36 . 2012-07-27 20:36 -------- d-----w- c:\programdata\Tarma Installer

2012-07-27 20:29 . 2012-07-27 20:29 -------- d-----w- c:\users\ikke\AppData\Roaming\Nullsoft

2012-07-27 20:18 . 2012-07-27 20:18 -------- d-----w- c:\programdata\VistaCodecs

2012-07-27 17:32 . 2012-07-27 17:31 268784 ----a-w- c:\windows\system32\javaws.exe

2012-07-27 17:32 . 2012-07-27 17:31 189424 ----a-w- c:\windows\system32\javaw.exe

2012-07-27 17:32 . 2012-07-27 17:31 188912 ----a-w- c:\windows\system32\java.exe

2012-07-27 17:31 . 2012-07-27 17:31 -------- d-----w- c:\program files\Java

2012-07-26 12:44 . 2012-07-27 17:31 955888 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-26 12:44 . 2012-07-27 17:31 839152 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-25 12:19 . 2012-07-25 12:19 -------- d-----w- c:\users\ikke\AppData\Local\Deployment

2012-07-15 15:57 . 2012-07-16 22:09 -------- d-----w- c:\program files (x86)\Fried Cookie

2012-07-15 14:04 . 2012-07-15 14:06 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-11 22:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 19:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-09 12:15 . 2012-04-22 11:51 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 17:46 . 2011-03-22 16:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-07-27 17:46 . 2011-07-06 08:00 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-07-13 11:16 . 2012-04-04 17:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-13 11:16 . 2011-05-15 11:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 22:40 . 2010-11-08 22:48 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-30 12:35 . 2011-05-18 21:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-06-30 12:35 . 2011-07-08 07:34 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-06-02 22:19 . 2012-06-22 08:39 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 08:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 08:40 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 08:40 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 08:39 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 08:40 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 08:39 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 08:39 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 08:39 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-11-08 18:09 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-30_17.52.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-04 20:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-04 20:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-30 10:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-04 20:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-08 18:15 . 2012-08-05 10:52 66050 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-07-30 15:34 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-05 10:52 46310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-08 17:53 . 2012-08-05 10:52 19552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3824495805-1637897825-2228832835-1000_UserData.bin

+ 2010-11-22 18:51 . 2012-08-02 21:45 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2010-11-22 18:51 . 2011-04-23 20:54 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2011-02-18 23:30 . 2012-08-05 09:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-18 23:30 . 2012-08-05 09:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-18 23:30 . 2012-07-30 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-18 23:30 . 2012-08-05 09:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-12 12:52 . 2012-07-27 17:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-12 12:52 . 2012-07-31 21:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-05 10:49 . 2012-08-05 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-30 15:32 . 2012-07-30 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-05 10:49 . 2012-08-05 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-08 18:49 . 2012-08-02 18:45 301816 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 05:01 . 2012-07-30 15:30 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-05 10:47 463960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 7570770 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2682926 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-07-31 21:01 2398640 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-07-31 21:01 2082350 c:\windows\system32\perfc009.dat

+ 2012-02-12 17:55 . 2012-08-02 23:03 1867883 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-8192.dat

- 2012-02-12 17:55 . 2012-07-25 12:24 1867883 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-8192.dat

+ 2012-03-22 18:49 . 2012-08-04 22:28 1113216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-02-09 18:09 . 2012-08-05 10:47 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

- 2012-02-09 18:09 . 2012-07-30 15:30 20469654 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3824495805-1637897825-2228832835-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-22 611712]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\program files (x86)\ARO 2012\aro.exe" [2012-01-06 2552688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-04-28 44672]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-16 1038088]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1255736]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.be/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

FF - ProfilePath - c:\users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - %profile%\extensions\belgiumeid@eid.belgium.be

FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync

FF - user.js: extensions.BabylonToolbar_i.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.hardId - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15382

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extentions.y2layers.installId - b8398f69-7f47-4c7e-a999-0da58369cae5

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 6cd147200000000000000022200495b4

FF - user.js: extensions.BabylonToolbar.instlDay - 15548

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.122:36

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tl=gkn37560&tt=3012_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{88AC3CB6-596B-4217-964C-B6757EF9602D} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,

55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3

"{E634228A-03CF-4BC8-B0AB-668257F1FD8C}"=hex:51,66,7a,6c,4c,1d,38,12,e4,21,27,

e2,fd,4d,a6,0e,cf,bd,25,c2,52,af,b9,98

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,

17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06

"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,

37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a

"{88AC3CB6-596B-4217-964C-B6757EF9602D}"=hex:51,66,7a,6c,4c,1d,38,12,d8,3f,bf,

8c,59,17,79,07,e9,5a,f5,35,7b,a7,24,39

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,

03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,

5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,

e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,

f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a0,51,ee,04,58,08,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-05 13:27:53

ComboFix-quarantined-files.txt 2012-08-05 11:27

ComboFix2.txt 2012-08-02 12:10

ComboFix3.txt 2012-08-01 19:46

ComboFix4.txt 2012-08-01 18:29

ComboFix5.txt 2012-08-02 22:03

.

Pre-Run: 346.610.544.640 bytes beschikbaar

Post-Run: 346.332.999.680 bytes beschikbaar

.

- - End Of File - - C8A8DE0AD441DD9A90EB948B578E5C36

GRTZ

LUD

[kape]

Download AdwCleaner by Xplode naar je Bureaublad.

• Sluit alle openstaande vensters
  
• Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  
• Klik vervolgens op Delete
  
• Klik bij AdwCleaner – Information op OK
  
• Klik bij AdwCleaner – Restart Required op OK
  

Alle icoontjes verdwijnen van het Bureaublad, Dit is normaal

Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt ) post de inhoud hier in een volgende bericht.

[lud]

Goe middag Kape,

Logfile van ADWCleaner(S1).txt

Grtz

Lud

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 12:00:50

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : ikke - IKKE-PC

# Running from : C:\Users\ikke\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\ikke\AppData\Local\APN

Folder Deleted : C:\Users\ikke\AppData\Local\Babylon

Folder Deleted : C:\Users\ikke\AppData\Local\Conduit

Folder Deleted : C:\Users\ikke\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\ikke\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\ikke\AppData\LocalLow\Freecorder

Folder Deleted : C:\Users\ikke\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\ikke\AppData\Roaming\Babylon

Folder Deleted : C:\Users\ikke\AppData\Roaming\BabylonToolbar

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\Conduit

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\ConduitCommon

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\ConduitEngine

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\CT1060933

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\SweetIMToolbarData

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\WinampToolbarData

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\extensions\plugin@yontoo.com

Folder Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\extensions\staged

Folder Deleted : C:\Users\ikke\Documents\Freecorder

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder

Folder Deleted : C:\Program Files\Babylon

Folder Deleted : C:\Program Files (x86)\Application Updater

Folder Deleted : C:\Program Files (x86)\BabylonToolbar

Folder Deleted : C:\Program Files (x86)\Freecorder

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Program Files (x86)\Common Files\spigot

File Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\searchplugins\aol-web-search.xml

File Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\searchplugins\Conduit.xml

File Deleted : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\searchplugins\SweetIm.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

[*] Key Deleted : HKCU\Software\SMTTB2009

[*] Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar

[*] Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\AutocompleteProBHO

Key Deleted : HKCU\Software\Babylon

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Freecorder

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Somoto Toolbar

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\BabyDict

Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Freecorder

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\SweetIM

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25751EA4-85B2-4FC5-B4AB-6F040B25F09B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB49C5E9-2717-4205-8E98-A29C8AAD2610}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.bigseekpro.com/howfytdl/{605961C2-9A04-480B-95E7-32AB02DE6172}?s_src=newtab --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.13 (nl)

Profile name : default

File : C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\prefs.js

C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\qddxjtsa.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);

Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Wed May 16 2012 17:43:40 GMT+0200");

Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);

Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);

Deleted : user_pref("CT1060933.CTID", "CT1060933");

Deleted : user_pref("CT1060933.CurrentServerDate", "26-5-2012");

Deleted : user_pref("CT1060933.DSInstall", false);

Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Wed May 23 2012 15:52:27 GMT+0200");

Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");

Deleted : user_pref("CT1060933.FirstServerDate", "5-2-2012");

Deleted : user_pref("CT1060933.FirstTime", true);

Deleted : user_pref("CT1060933.FirstTimeFF3", true);

Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);

Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT1060933.HPInstall", false);

Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);

Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);

Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.bigseekpro.com/howfytdl/{605961C2-9A04-480B-[...]

Deleted : user_pref("CT1060933.Initialize", true);

Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);

Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT1060933.InstallationId", "ConduitNSISIntegration");

Deleted : user_pref("CT1060933.InstallationType", "ConduitXPEIntegration");

Deleted : user_pref("CT1060933.InstalledDate", "Sun Feb 05 2012 17:13:51 GMT+0100");

Deleted : user_pref("CT1060933.InvalidateCache", false);

Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);

Deleted : user_pref("CT1060933.IsGrouping", false);

Deleted : user_pref("CT1060933.IsInitSetupIni", true);

Deleted : user_pref("CT1060933.IsMulticommunity", false);

Deleted : user_pref("CT1060933.IsOpenThankYouPage", false);

Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);

Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Sat May 26 2012 11:48:39 GMT+0200");

Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Sat May 26 2012 11:48:40 GMT+0200");

Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Wed May 23 2012 15:52:28 GMT+0200");

Deleted : user_pref("CT1060933.LatestVersion", "3.13.0.6");

Deleted : user_pref("CT1060933.Locale", "en-us");

Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT1060933.MCDetectTooltipShow", false);

Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT1060933.OriginalFirstVersion", "3.9.0.3");

Deleted : user_pref("CT1060933.RadioIsPodcast", false);

Deleted : user_pref("CT1060933.RadioLastCheckTime", "Sat May 26 2012 11:48:41 GMT+0200");

Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");

Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");

Deleted : user_pref("CT1060933.RadioMediaID", "21504191");

Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");

Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");

Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT1060933.RadioStationName", "KFOG");

Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");

Deleted : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search");

Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Search");

Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]

Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);

Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sat May 26 2012 11:48:41 GMT+0200");

Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);

Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT1060933.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Sat May 26 2012 11:48:39 GMT+0200");

Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Sat May 26 2012 11:48:37 GMT+0200");

Deleted : user_pref("CT1060933.SettingsLastUpdate", "1337169810");

Deleted : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13");

Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Fri May 11 2012 15:06:04 GMT+0200");

Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");

Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT1060933.UserID", "UN89787748699397952");

Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);

Deleted : user_pref("CT1060933.alertChannelId", "15651");

Deleted : user_pref("CT1060933.approveUntrustedApps", false);

Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");

Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");

Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "53756E2046656220303520323031322031373A31343A31302[...]

Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");

Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "5475652041707220303320323031322032303A[...]

Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "62656C6769756D");

Deleted : user_pref("CT1060933.backendstorage.url_history0001", "68747470733A2F2F7777772E652D6C6F74746F2E62652[...]

Deleted : user_pref("CT1060933.components.129078058382649592", false);

Deleted : user_pref("CT1060933.components.129272674122038321", false);

Deleted : user_pref("CT1060933.components.129681785283868963", false);

Deleted : user_pref("CT1060933.components.129686665230467549", false);

Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed May 23 2012 15:52:28 GMT+0200");

Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT1060933.initDone", true);

Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);

Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);

Deleted : user_pref("CT1060933.myStuffEnabled", true);

Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT1060933.oldAppsList", "128346981843587669,128280995260143876,111,129272674122038321,129[...]

Deleted : user_pref("CT1060933.revertSettingsEnabled", true);

Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT1060933.testingCtid", "");

Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Sat May 26 2012 11:48:39 GMT+0200");

Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Wed May 16 2012 17:43:30 GMT+0200");

Deleted : user_pref("CT1060933.usagesFlag", 2);

Deleted : user_pref("CT2139138..clientLogIsEnabled", false);

Deleted : user_pref("CT2139138..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2139138..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2139138.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2139138.CTID", "CT2139138");

Deleted : user_pref("CT2139138.CurrentServerDate", "14-2-2012");

Deleted : user_pref("CT2139138.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2139138.DownloadReferralCookieData", "");

Deleted : user_pref("CT2139138.EMailNotifierPollDate", "Tue Feb 14 2012 18:16:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedLastCount8230079780051918178", 158);

Deleted : user_pref("CT2139138.FeedPollDate2429156812186649977", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813040823546", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813130095866", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813224203613", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813230837251", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813454291735", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813729834876", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156813860870021", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156814264681793", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156814863075366", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedPollDate2429156815257761081", "Tue Feb 14 2012 18:11:17 GMT+0100");

Deleted : user_pref("CT2139138.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2139138.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2139138.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2139138.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2139138.FirstServerDate", "14-2-2012");

Deleted : user_pref("CT2139138.FirstTime", true);

Deleted : user_pref("CT2139138.FirstTimeFF3", true);

Deleted : user_pref("CT2139138.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2139138.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2139138.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2139138.HasUserGlobalKeys", true);

Deleted : user_pref("CT2139138.Initialize", true);

Deleted : user_pref("CT2139138.InitializeCommonPrefs", true);

Deleted : user_pref("CT2139138.InstallationAndCookieDataSentCount", 1);

Deleted : user_pref("CT2139138.InstallationId", "np_0126");

Deleted : user_pref("CT2139138.InstallationType", "ExternalIntegration");

Deleted : user_pref("CT2139138.InstalledDate", "Tue Feb 14 2012 18:11:05 GMT+0100");

Deleted : user_pref("CT2139138.InvalidateCache", false);

Deleted : user_pref("CT2139138.IsGrouping", false);

Deleted : user_pref("CT2139138.IsMulticommunity", false);

Deleted : user_pref("CT2139138.IsOpenThankYouPage", false);

Deleted : user_pref("CT2139138.IsOpenUninstallPage", true);

Deleted : user_pref("CT2139138.LanguagePackLastCheckTime", "Tue Feb 14 2012 18:11:09 GMT+0100");

Deleted : user_pref("CT2139138.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2139138.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2139138.LastLogin_3.2.5.2", "Tue Feb 14 2012 18:11:06 GMT+0100");

Deleted : user_pref("CT2139138.LatestVersion", "3.9.0.3");

Deleted : user_pref("CT2139138.Locale", "en-us");

Deleted : user_pref("CT2139138.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2139138.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2139138.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2139138.RadioIsPodcast", false);

Deleted : user_pref("CT2139138.RadioLastCheckTime", "Tue Feb 14 2012 18:11:19 GMT+0100");

Deleted : user_pref("CT2139138.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2139138.RadioLastUpdateServer", "128929877726170000");

Deleted : user_pref("CT2139138.RadioMediaID", "9837767");

Deleted : user_pref("CT2139138.RadioMediaType", "Media Player");

Deleted : user_pref("CT2139138.RadioMenuSelectedID", "EBRadioMenu_CT21391389837767");

Deleted : user_pref("CT2139138.RadioStationName", "KABC%20");

Deleted : user_pref("CT2139138.RadioStationURL", "hxxp://citadelcc-kabc-am.wm.llnwd.net/citadelcc_KABC_AM");

Deleted : user_pref("CT2139138.SavedHomepage", "hxxp://search.babylon.com/?AF=109156&babsrc=HP_ss&mntrId=6cd14[...]

Deleted : user_pref("CT2139138.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2139138.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT213[...]

Deleted : user_pref("CT2139138.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2139138.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2139138.SearchInNewTabLastCheckTime", "Tue Feb 14 2012 18:11:07 GMT+0100");

Deleted : user_pref("CT2139138.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2139138.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT2139138.ServiceMapLastCheckTime", "Tue Feb 14 2012 18:11:00 GMT+0100");

Deleted : user_pref("CT2139138.SettingsLastCheckTime", "Tue Feb 14 2012 18:11:02 GMT+0100");

Deleted : user_pref("CT2139138.SettingsLastUpdate", "1328619749");

Deleted : user_pref("CT2139138.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2139138.ThirdPartyComponentsLastCheck", "Tue Feb 14 2012 18:11:00 GMT+0100");

Deleted : user_pref("CT2139138.ThirdPartyComponentsLastUpdate", "1312887586");

Deleted : user_pref("CT2139138.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");

Deleted : user_pref("CT2139138.UserID", "UN76620982723666048");

Deleted : user_pref("CT2139138.WeatherNetwork", "");

Deleted : user_pref("CT2139138.WeatherPollDate", "Tue Feb 14 2012 18:11:07 GMT+0100");

Deleted : user_pref("CT2139138.WeatherUnit", "C");

Deleted : user_pref("CT2139138.alertChannelId", "538808");

Deleted : user_pref("CT2139138.backendstorage.ct2139138ads1", "25374225323261647325323225334125354225374225323[...]

Deleted : user_pref("CT2139138.backendstorage.ct2139138current_term", "");

Deleted : user_pref("CT2139138.backendstorage.ct2139138sdate", "3134");

Deleted : user_pref("CT2139138.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Deleted : user_pref("CT2139138.myStuffEnabled", true);

Deleted : user_pref("CT2139138.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2139138.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2139138.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2139138.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2139138.testingCtid", "");

Deleted : user_pref("CT2139138.toolbarAppMetaDataLastCheckTime", "Tue Feb 14 2012 18:11:06 GMT+0100");

Deleted : user_pref("CT2139138.toolbarContextMenuLastCheckTime", "Tue Feb 14 2012 18:11:09 GMT+0100");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2139138/CT2139138[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/BE", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/538808/534677/BE", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BE", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2139138", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"13a760730d9291[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2139138");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{3796e649-4334-4cbf-89d3-a927554ad438}");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "pc_gear_en_generic");

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ikke\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2139138");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{3796e649-4334-4cbf-89d3-a927554ad438}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "pc_gear_en_generic");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?AF=100888&bab[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933,CT2139138,ConduitEngine");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933,CT2139138");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933");

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 04 2012 00:32:10 GMT+0200");

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 04 2012 00:32:10 GMT+0200");

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "83323891-bfed-4df9-90c5-d116329fad77");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 14 2012 18:11:11 GMT+0100");

Deleted : user_pref("CommunityToolbar.globalUserId", "6b6823d1-f116-45a3-af0a-dd2eab1aa0fe");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2139138");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat May 19 2012 16:39:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat May 26 2012 11:48:49 GMT+020[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat May 26 2012 11:48:39 GMT+0200");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "a334e8ac-ba00-49bf-9706-e92732b9b484");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");

Deleted : user_pref("ConduitEngine.FirstServerDate", "02/14/2012 20");

Deleted : user_pref("ConduitEngine.FirstTime", true);

Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);

Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Deleted : user_pref("ConduitEngine.Initialize", true);

Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Feb 14 2012 18:11:11 GMT+0100");

Deleted : user_pref("ConduitEngine.IsMulticommunity", false);

Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);

Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri May 04 2012 00:32:12 GMT+0200");

Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 04 2012 00:32:12 GMT+0200");

Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);

Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 04 2012 00:32:12 GMT+0200");

Deleted : user_pref("ConduitEngine.UserID", "UN99458103370378484");

Deleted : user_pref("ConduitEngine.engineLocale", "nl");

Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri May 04 2012 00:32:12 GMT+0200");

Deleted : user_pref("ConduitEngine.initDone", true);

Deleted : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 31);

Deleted : user_pref("aol_toolbar.surf.date", "5");

Deleted : user_pref("aol_toolbar.surf.lastDate", "26");

Deleted : user_pref("aol_toolbar.surf.lastMonth", "4");

Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");

Deleted : user_pref("aol_toolbar.surf.month", "70");

Deleted : user_pref("aol_toolbar.surf.prevMonth", "78");

Deleted : user_pref("aol_toolbar.surf.total", "557");

Deleted : user_pref("aol_toolbar.surf.week", "29");

Deleted : user_pref("aol_toolbar.surf.year", "362");

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tl=gkn37560&tt=3012_1&babsr[...]

Deleted : user_pref("browser.search.defaultthis.engineName", "PC Gear EN Generic Customized Web Search");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109156");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);

Deleted : user_pref("extensions.BabylonToolbar.id", "6cd147200000000000000022200495b4");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15548");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=109156&babsrc=adbar[...]

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:31:26");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?AF=109156&babsrc=NT_ss&[...]

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 76585840);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:31:26");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tl=gkn37560&tt=3012_1");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "6cd147200000000000000022200495b4");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "6cd147200000000000000022200495b4");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15382");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.122:36:55");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=bf2&f=5");

Deleted : user_pref("extensions.facemoods.aflt", "bf2");

Deleted : user_pref("extensions.facemoods.dfltSrch", true);

Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");

Deleted : user_pref("extensions.facemoods.dnsErr", true);

Deleted : user_pref("extensions.facemoods.firstRun", true);

Deleted : user_pref("extensions.facemoods.hmpg", true);

Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=bf2");

Deleted : user_pref("extensions.facemoods.id", "6cd147200000000000000022200495b4");

Deleted : user_pref("extensions.facemoods.instlDay", "15257");

Deleted : user_pref("extensions.facemoods.mntz", "");

Deleted : user_pref("extensions.facemoods.newTab", true);

Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=bf2&f=2");

Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");

Deleted : user_pref("extensions.facemoods.searchProviderAdded", true);

Deleted : user_pref("extensions.facemoods.sid", "0ecb0338f946477fa3b44fd7e7fcb9f8");

Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=bf2&f=3");

Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");

Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/howfytdl/{605961C2-9A04-480B-[...]

Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/howfytdl/{605961C2-9A04-480B-95E7-32AB02DE61[...]

Deleted : user_pref("somoto.old_dnscatch", "hxxp://search.babylon.com/?AF=100888&babsrc=adbartrp&mntrId=6cd147[...]

Deleted : user_pref("somoto.old_homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");

Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.mode.debug", "false");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Yahoo");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&e[...]

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");

Deleted : user_pref("sweetim.toolbar.simapp_id", "{1C38B130-F344-11E0-9F47-0022200495B4}");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");

Deleted : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]

Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);

Deleted : user_pref("winamp_toolbar.guid", "{1FD00DC8-842A-D1C2-BAA4-4176D7DC0371}");

Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.19.1");

Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "26");

Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "4");

Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2012");

Deleted : user_pref("winamp_toolbar.metrics.originalDate", "18");

Deleted : user_pref("winamp_toolbar.metrics.originalHours", "13");

Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "34");

Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "11");

Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "36");

Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2011");

Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1338025713010");

Deleted : user_pref("winamp_toolbar.search.cid", "26-05-2012");

Deleted : user_pref("winamp_toolbar.search.focusnewtab", false);

Deleted : user_pref("winamp_toolbar.search.instd", "20110501122040017");

Deleted : user_pref("winamp_toolbar.search.newtab", false);

Deleted : user_pref("winamp_toolbar.search.oid", "18-11-2011");

Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);

Deleted : user_pref("winamp_toolbar.search.savehistory", true);

Deleted : user_pref("winamp_toolbar.search.searchtype", "web");

Deleted : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");

Deleted : user_pref("winamp_toolbar.skin.custom", true);

Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);

Deleted : user_pref("winamp_toolbar.winamp.artist", "");

Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);

Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);

Deleted : user_pref("winamp_toolbar.winamp.button.open", true);

Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);

Deleted : user_pref("winamp_toolbar.winamp.button.play", true);

Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);

Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);

Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);

Deleted : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");

Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);

Deleted : user_pref("winamp_toolbar.winamp.title", "");

Deleted : user_pref("winamp_toolbar.winamp.volume", "");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\ikke\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]

Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]

Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

Deleted : "homepage": "hxxp://search.babylon.com/?affID=113480&tl=gkn37560&tt=3012_1&babsrc=HP_ss&mntrId=6c[...]

Deleted : "urls_to_restore_on_startup": ["hxxp://search.babylon.com/?affID=113480&tl=gkn37560&tt=3012_1&[...]

*************************

AdwCleaner[s1].txt - [59276 octets] - [06/08/2012 12:00:50]

########## EOF - C:\AdwCleaner[s1].txt - [59405 octets] ##########

[kape]

En hoe staat het nu met de gemelde problemen ?