
Police Ukash virus.... would someone help me read a HijackThis log



I ran Unhide.exe, and at the end it indicated that everything should be visible.

Before that I also ran ComboFix by putting the Notepad text into it and letting it run.

ComboFix text

ComboFix 12-08-14.05 - joost 15-08-2012 17:48:14.3.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3002.1823 [GMT 2:00]

Gestart vanuit: c:\users\joost\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\joost\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-15 to 2012-08-15 ))))))))))))))))))))))))))))))

.

.

2012-08-15 16:00 . 2012-08-15 16:01 -------- d-----w- c:\users\joost\AppData\Local\temp

2012-08-15 16:00 . 2012-08-15 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-15 12:47 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-08-14 15:46 . 2012-08-14 15:46 -------- d-----w- c:\users\joost\AppData\Roaming\Malwarebytes

2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\programdata\Malwarebytes

2012-08-14 15:45 . 2012-08-14 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-14 15:45 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-14 10:30 . 2012-08-14 10:30 388096 ----a-r- c:\users\joost\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-14 06:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C1BCC19-0A1F-4162-B37C-07650A3BF9A0}\mpengine.dll

2012-08-11 07:52 . 2012-08-11 07:52 -------- d-----w- c:\windows\system32\aliedit

2012-08-11 07:51 . 2012-08-11 07:53 -------- d-----w- c:\program files\Trademanager

2012-08-11 07:39 . 2012-08-11 07:39 -------- d-----w- c:\users\joost\AppData\Local\Alibaba

2012-08-07 07:14 . 2012-08-07 07:14 -------- d-----w- c:\users\joost\AppData\Local\nptrademanager

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 07:19 . 2012-07-01 09:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 07:19 . 2011-05-13 05:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-13 21:29 . 2012-06-13 21:29 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 21:29 . 2012-06-13 21:29 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 21:29 . 2012-06-13 21:29 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 16:47 . 2012-07-11 06:18 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-11 06:18 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26 . 2012-07-11 06:18 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-25 07:47 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-25 07:47 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-25 07:46 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-25 07:46 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-25 07:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-25 07:46 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-25 07:46 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-25 07:46 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-25 07:46 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 00:04 . 2012-07-11 06:18 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-11 06:18 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 10:25 . 2010-08-06 10:07 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-30 11:50 . 2011-06-13 11:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-15_08.21.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-15 06:35 . 2012-05-11 13:59 61440 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.exe

+ 2012-08-15 06:35 . 2012-06-28 12:54 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\iesetup.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\iernonce.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\iesetup.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\iernonce.dll

+ 2012-08-15 06:35 . 2012-06-28 12:56 67072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.23385_none_2b4a09c4728c2886\mshtmled.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 67072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.19298_none_2ab89deb5973f0b2\mshtmled.dll

+ 2012-08-15 06:35 . 2012-06-28 09:08 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23385_none_df6f0f6709e96757\msfeedssync.exe

+ 2012-08-15 06:35 . 2012-06-28 12:56 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.23385_none_df6f0f6709e96757\msfeedsbs.dll

+ 2012-08-15 06:35 . 2012-06-28 08:18 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.19298_none_dedda38df0d12f83\msfeedssync.exe

+ 2012-08-15 06:35 . 2012-06-28 11:32 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.19298_none_dedda38df0d12f83\msfeedsbs.dll

+ 2012-08-15 06:35 . 2012-06-28 12:55 43520 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.23385_none_ad0278477f1a1c5f\licmgr10.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 43520 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.19298_none_ac710c6e6601e48b\licmgr10.dll

+ 2012-08-15 06:35 . 2012-06-28 13:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\WininetPlugin.dll

+ 2012-08-15 06:35 . 2012-06-28 12:55 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\jsproxy.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\WininetPlugin.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\jsproxy.dll

+ 2008-01-21 01:58 . 2012-08-15 11:02 73712 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-08-26 22:27 . 2012-08-15 08:02 19486 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017314912-3688995786-4245544152-1000_UserData.bin

+ 2009-08-26 22:27 . 2012-08-15 15:22 19486 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017314912-3688995786-4245544152-1000_UserData.bin

+ 2012-08-15 06:35 . 2012-06-28 11:32 67072 c:\windows\System32\mshtmled.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 67072 c:\windows\System32\mshtmled.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 13312 c:\windows\System32\msfeedssync.exe

+ 2012-08-15 06:35 . 2012-06-28 08:18 13312 c:\windows\System32\msfeedssync.exe

+ 2012-08-15 06:35 . 2012-06-28 11:32 55296 c:\windows\System32\msfeedsbs.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 55296 c:\windows\System32\msfeedsbs.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 64512 c:\windows\System32\migration\WininetPlugin.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 64512 c:\windows\System32\migration\WininetPlugin.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 43520 c:\windows\System32\licmgr10.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 43520 c:\windows\System32\licmgr10.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 25600 c:\windows\System32\jsproxy.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 25600 c:\windows\System32\jsproxy.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 71680 c:\windows\System32\iesetup.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 71680 c:\windows\System32\iesetup.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 55808 c:\windows\System32\iernonce.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 55808 c:\windows\System32\iernonce.dll

- 2009-06-18 01:35 . 2012-08-15 07:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-18 01:35 . 2012-08-15 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-18 01:35 . 2012-08-15 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-18 01:35 . 2012-08-15 07:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-05-11 11:23 . 2012-05-11 11:23 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe

+ 2012-08-15 12:51 . 2012-08-15 12:51 49936 c:\windows\Installer\{95120000-00AF-0413-0000-0000000FF1CE}\ppvwicon.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2012-05-11 11:32 . 2012-05-11 11:32 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2012-08-15 12:49 . 2012-08-15 12:49 35600 c:\windows\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2012-08-15 15:17 . 2012-08-15 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-15 07:57 . 2012-08-15 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-15 15:17 . 2012-08-15 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-15 07:57 . 2012-08-15 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-15 06:35 . 2012-05-11 14:48 873984 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.0.6002.22857_none_de7664838a609746\printui.dll

+ 2012-08-15 06:35 . 2012-05-11 14:48 216064 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.dll

+ 2012-08-15 06:35 . 2012-05-11 14:47 624128 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.22857_none_325c7214a9142e65\localspl.dll

+ 2012-08-15 06:35 . 2012-05-11 15:57 623616 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.18631_none_31e2717f8febc188\localspl.dll

+ 2012-08-15 06:35 . 2012-06-29 15:02 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.22887_none_8f54bf68180e478f\netapi32.dll

+ 2012-08-15 06:35 . 2012-06-29 16:01 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.18659_none_8eed910efed68979\netapi32.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23385_none_47c38cfcdd466cdb\ieui.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19298_none_47322123c42e3507\ieui.dll

+ 2012-08-15 06:35 . 2012-06-28 13:01 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.23385_none_d34bf1a38cf1c422\url.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.19298_none_d2ba85ca73d98c4e\url.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.23385_none_feb33a2de923e9c5\iesysprep.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.19298_none_fe21ce54d00bb1f1\iesysprep.dll

+ 2012-08-15 06:35 . 2012-06-28 09:10 174080 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23385_none_a8f1d5818da0ad00\ie4uinit.exe

+ 2012-08-15 06:35 . 2012-06-28 08:19 174080 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.19298_none_a86069a87488752c\ie4uinit.exe

+ 2012-08-15 06:35 . 2012-06-28 13:00 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23385_none_2ac4cab6bbab93d5\sqmapi.dll

+ 2012-08-15 06:35 . 2012-06-28 11:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.19298_none_2a335edda2935c01\sqmapi.dll

+ 2012-08-15 06:35 . 2012-06-28 12:58 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.23385_none_1a478889434a7943\occache.dll

+ 2012-08-15 06:35 . 2012-06-28 11:35 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.19298_none_19b61cb02a32416f\occache.dll

+ 2012-08-15 06:35 . 2012-06-28 12:55 522240 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.23385_none_9d8d6f3afccca061\jsdbgui.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 521728 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.19298_none_9cfc0361e3b4688d\jsdbgui.dll

+ 2012-08-15 06:35 . 2012-06-28 13:04 638048 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\iexplore.exe

+ 2012-08-15 06:35 . 2012-06-28 09:10 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\ieUnatt.exe

+ 2012-08-15 06:35 . 2012-06-28 11:40 638048 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\iexplore.exe

+ 2012-08-15 06:35 . 2012-06-28 08:19 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\ieUnatt.exe

+ 2012-08-15 06:35 . 2012-06-28 12:54 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.23385_none_2aae5052c9606665\IEShims.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.19298_none_2a1ce479b0482e91\IEShims.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.23385_none_735004bc79b7fff7\ieproxy.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 247808 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.19298_none_72be98e3609fc823\ieproxy.dll

+ 2012-08-15 06:35 . 2012-06-28 12:56 630272 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.23385_none_4307aaa9699dc830\msfeeds.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 629760 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.19298_none_42763ed05085905c\msfeeds.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.23385_none_1ec62d2d6efdc1b9\iedvtool.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 743424 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.19298_none_1e34c15455e589e5\iedvtool.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.23385_none_1fe4a50c21353dda\iepeers.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.19298_none_1f533933081d0606\iepeers.dll

+ 2012-08-15 06:35 . 2012-06-28 12:54 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.23385_none_57718cd686a4963f\iedkcs32.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 387584 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.19298_none_56e020fd6d8c5e6b\iedkcs32.dll

+ 2012-08-15 06:35 . 2012-06-28 13:01 920064 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\wininet.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 916992 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\wininet.dll

+ 2012-08-15 06:35 . 2012-06-28 12:56 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.23385_none_c3e6c701ab9a0e54\mstime.dll

+ 2012-08-15 06:35 . 2012-06-28 11:33 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.19298_none_c3555b289281d680\mstime.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 916992 c:\windows\System32\wininet.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 916992 c:\windows\System32\wininet.dll

+ 2009-08-26 23:10 . 2012-08-15 12:40 889994 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 13:02 . 2012-08-15 15:22 117528 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-15 06:35 . 2012-06-28 11:37 105984 c:\windows\System32\url.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 105984 c:\windows\System32\url.dll

+ 2012-08-15 06:35 . 2012-06-28 11:35 206848 c:\windows\System32\occache.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 206848 c:\windows\System32\occache.dll

+ 2012-08-15 06:35 . 2012-06-29 16:01 467968 c:\windows\System32\netapi32.dll

+ 2012-08-15 06:35 . 2012-06-28 11:33 611840 c:\windows\System32\mstime.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 611840 c:\windows\System32\mstime.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 629760 c:\windows\System32\msfeeds.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 629760 c:\windows\System32\msfeeds.dll

- 2010-08-06 10:17 . 2009-04-23 12:14 623616 c:\windows\System32\localspl.dll

+ 2012-08-15 06:35 . 2012-05-11 15:57 623616 c:\windows\System32\localspl.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 133632 c:\windows\System32\ieUnatt.exe

+ 2012-08-15 06:35 . 2012-06-28 08:19 133632 c:\windows\System32\ieUnatt.exe

+ 2012-08-15 06:35 . 2012-06-28 11:31 164352 c:\windows\System32\ieui.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 164352 c:\windows\System32\ieui.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 109056 c:\windows\System32\iesysprep.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 109056 c:\windows\System32\iesysprep.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 184320 c:\windows\System32\iepeers.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 184320 c:\windows\System32\iepeers.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 387584 c:\windows\System32\iedkcs32.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 387584 c:\windows\System32\iedkcs32.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 174080 c:\windows\System32\ie4uinit.exe

+ 2012-08-15 06:35 . 2012-06-28 08:19 174080 c:\windows\System32\ie4uinit.exe

- 2006-11-02 12:44 . 2012-07-11 15:09 394880 c:\windows\System32\FNTCACHE.DAT

+ 2006-11-02 12:44 . 2012-08-15 15:17 394880 c:\windows\System32\FNTCACHE.DAT

- 2010-08-19 07:10 . 2012-08-15 07:58 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-08-19 07:10 . 2012-08-15 15:18 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-06-18 01:35 . 2012-08-15 15:18 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-06-18 01:35 . 2012-08-15 07:58 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-10-23 12:29 . 2012-08-15 12:51 393240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-10-23 12:29 . 2012-08-15 07:56 393240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-18 13:46 . 2012-07-18 13:46 593408 c:\windows\Installer\5eb59d.msp

+ 2009-08-26 22:30 . 2012-08-15 12:50 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

- 2009-08-26 22:30 . 2012-07-11 11:08 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-06-23 08:54 . 2011-06-23 08:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSCONV97.DLL

+ 2012-08-15 12:47 . 2012-07-04 13:34 2055680 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22889_none_bb161ea3b10365cb\win32k.sys

+ 2012-08-15 12:47 . 2012-07-04 14:02 2047488 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18661_none_ba9a1d7a97dcc640\win32k.sys

+ 2012-08-15 06:35 . 2012-06-28 12:54 2001408 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23385_none_2ac4cab6bbab93d5\iertutil.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 2000384 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.19298_none_2a335edda2935c01\iertutil.dll

+ 2012-08-15 06:35 . 2012-06-28 12:56 6010368 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23385_none_f66432f95150deae\mshtml.dll

+ 2012-08-15 06:35 . 2012-06-28 11:32 6008320 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19298_none_f5d2c7203838a6da\mshtml.dll

+ 2012-08-15 06:35 . 2012-06-28 13:01 1214464 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23385_none_9804383905f14ee5\urlmon.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 1212416 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.19298_none_9772cc5fecd91711\urlmon.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 1212416 c:\windows\System32\urlmon.dll

+ 2012-08-15 06:35 . 2012-06-28 11:37 1212416 c:\windows\System32\urlmon.dll

+ 2006-11-02 10:22 . 2012-08-15 15:15 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2006-11-02 10:22 . 2012-08-15 07:56 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2012-08-15 06:35 . 2012-06-28 11:32 6008320 c:\windows\System32\mshtml.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 2000384 c:\windows\System32\iertutil.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 2000384 c:\windows\System32\iertutil.dll

+ 2012-06-26 16:03 . 2012-06-26 16:03 3875840 c:\windows\Installer\5eb5dd.msp

+ 2012-07-18 13:53 . 2012-07-18 13:53 5009920 c:\windows\Installer\5eb551.msp

- 2009-08-26 22:30 . 2012-07-11 11:08 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-08-26 22:30 . 2012-08-15 12:50 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-07-09 17:58 . 2012-07-11 11:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-07-09 17:58 . 2012-08-15 12:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-08-15 06:35 . 2012-06-28 12:54 11112960 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23385_none_47c38cfcdd466cdb\ieframe.dll

+ 2012-08-15 06:35 . 2012-06-28 11:31 11111424 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.19298_none_47322123c42e3507\ieframe.dll

+ 2006-11-02 10:24 . 2012-08-15 12:48 59884088 c:\windows\System32\mrt.exe

+ 2012-08-15 06:35 . 2012-06-28 11:31 11111424 c:\windows\System32\ieframe.dll

- 2012-06-13 21:30 . 2012-06-13 21:30 11111424 c:\windows\System32\ieframe.dll

+ 2012-07-25 14:59 . 2012-07-25 14:59 11032064 c:\windows\Installer\5eb5c4.msp

+ 2012-07-18 13:53 . 2012-07-18 13:53 10937344 c:\windows\Installer\5eb55a.msp

+ 2010-08-11 17:14 . 2012-08-15 12:47 225996031 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]

"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]

2012-04-17 13:05 651264 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]

2008-12-08 10:25 432432 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\joost\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 07:19]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 10:14]

.

2009-11-28 c:\windows\Tasks\HPCeeScheduleForjoost.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-02 10:34]

.

2012-08-15 c:\windows\Tasks\User_Feed_Synchronization-{49AEB752-B0B0-4B77-A499-E2576A7B59C7}.job

- c:\windows\system32\msfeedssync.exe [2012-08-15 08:18]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\joost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-08-15 18:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-08-15 18:15:01

ComboFix-quarantined-files.txt 2012-08-15 16:14

ComboFix2.txt 2012-08-15 08:27

.

Pre-Run: 72.042.926.080 bytes beschikbaar

Post-Run: 71.712.514.048 bytes beschikbaar

.

- - End Of File - - DB5DEF0D6EBC71042F205345EBF8091B

Edited by Malden

Download AdwCleaner by Xplode to your Desktop.

  • Close all open windows
  • Right-click AdwCleaner and select Run as administrator...
  • Then click Delete
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK

All icons will disappear from the Desktop; this is normal.

Your PC will be restarted and a log file will open (C:\AdwCleaner[xx].txt); post its contents here in your next reply.

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 20:40:32

# Updated 14/08/2012 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

# User : joost - PC_VAN_JOOST

# Boot Mode : Normal

# Running from : C:\Users\joost\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\joost\AppData\Local\Conduit

Folder Deleted : C:\Users\joost\AppData\Local\ToggleDU

Folder Deleted : C:\Users\joost\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\joost\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\joost\AppData\LocalLow\DVDVideoSoftTB

Folder Deleted : C:\Users\joost\AppData\LocalLow\PHPNukeDU

Folder Deleted : C:\Users\joost\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\joost\AppData\LocalLow\SweetIM

Folder Deleted : C:\Users\joost\AppData\LocalLow\ToggleDU

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\ConduitCommon

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\CT2269050

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\CT3196716

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}

Folder Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

Folder Deleted : C:\ProgramData\SweetIM

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\ConduitEngine

Folder Deleted : C:\Program Files\DVDVideoSoftTB

Folder Deleted : C:\Program Files\PHPNukeDU

Folder Deleted : C:\Program Files\SweetIM

Folder Deleted : C:\Program Files\ToggleDU

File Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\searchplugins\Conduit.xml

File Deleted : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKCU\Software\ToggleDU

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\conduitEngine

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleDU Toolbar

Key Deleted : HKLM\SOFTWARE\PHPNukeDU

Key Deleted : HKLM\SOFTWARE\SweetIM

Key Deleted : HKLM\SOFTWARE\ToggleDU

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A4A90D8-48E6-4541-9CEF-4AC86E6D9F66}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96A5D3C-3944-4A70-B315-841844EA6D98}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7565AE-61C7-42C7-94F8-0ECB018BA612}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C01DA411-B911-41B8-B8F7-870E8B82B37E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F81A6703-7FC8-43AB-86C2-AAD936E115E4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEC3BFC9-7254-4257-B8D1-C738AE1AFA79}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7C31186-AF84-46C2-B16B-BC055B82C21F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7C31186-AF84-46C2-B16B-BC055B82C21F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CEC3BFC9-7254-4257-B8D1-C738AE1AFA79}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{46735DEE-F862-49D1-876D-6382794DC625}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (nl)

Profile name : default

File : C:\Users\joost\AppData\Roaming\Mozilla\Firefox\Profiles\3eqxt9b2.default\prefs.js

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);

Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Mon Aug 13 2012 17:53:13 GMT+0200");

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_1000515", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", false);

Deleted : user_pref("CT2269050.CT2269050", "CT2269050");

Deleted : user_pref("CT2269050.CommunitiesChangesLastCheckTime", "0");

Deleted : user_pref("CT2269050.CurrentServerDate", "15-8-2012");

Deleted : user_pref("CT2269050.DSInstall", true);

Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue Aug 14 2012 12:40:53 GMT+0200");

Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");

Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Wed Aug 15 2012 12:28:57 GMT+0200");

Deleted : user_pref("CT2269050.FirstServerDate", "11-8-2012");

Deleted : user_pref("CT2269050.FirstTime", true);

Deleted : user_pref("CT2269050.FirstTimeFF3", true);

Deleted : user_pref("CT2269050.FirstTimeHiddenVer", true);

Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2269050.GroupingInvalidateCache", false);

Deleted : user_pref("CT2269050.GroupingLastCheckTime", "0");

Deleted : user_pref("CT2269050.GroupingLastServerUpdateTime", "0");

Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2269050.HPChangedManually", true);

Deleted : user_pref("CT2269050.HPInstall", true);

Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);

Deleted : user_pref("CT2269050.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=[...]

Deleted : user_pref("CT2269050.Initialize", true);

Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);

Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2269050.InstallationType", "Unknown");

Deleted : user_pref("CT2269050.InstalledDate", "Sat Aug 11 2012 12:35:18 GMT+0200");

Deleted : user_pref("CT2269050.InvalidateCache", false);

Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);

Deleted : user_pref("CT2269050.IsGrouping", false);

Deleted : user_pref("CT2269050.IsInitSetupIni", true);

Deleted : user_pref("CT2269050.IsMulticommunity", false);

Deleted : user_pref("CT2269050.IsOpenThankYouPage", true);

Deleted : user_pref("CT2269050.IsOpenUninstallPage", true);

Deleted : user_pref("CT2269050.IsProtectorsInit", true);

Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200");

Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 15 2012 17:21:48 GMT+0200");

Deleted : user_pref("CT2269050.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT2269050.Locale", "en");

Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.14.1.0");

Deleted : user_pref("CT2269050.RadioIsPodcast", false);

Deleted : user_pref("CT2269050.RadioLastCheckTime", "Wed Aug 15 2012 12:30:08 GMT+0200");

Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "0");

Deleted : user_pref("CT2269050.RadioMediaID", "12473383");

Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");

Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");

Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");

Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");

Deleted : user_pref("CT2269050.SavedHomepage", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CT2269050.SearchBoxWidth", 100);

Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "WiseConvert Customized Web Search");

Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 15 2012 17:52:56 GMT+0200");

Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2269050.SearchProtectorEnabled", false);

Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200");

Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 15 2012 20:07:49 GMT+0200");

Deleted : user_pref("CT2269050.SettingsLastUpdate", "1345033695");

Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");

Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Aug 11 2012 12:35:09 GMT+0200");

Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");

Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2269050.UserID", "UN90360481344129556");

Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2269050.WeatherNetwork", "");

Deleted : user_pref("CT2269050.WeatherPollDate", "Wed Aug 15 2012 12:00:33 GMT+0200");

Deleted : user_pref("CT2269050.WeatherUnit", "C");

Deleted : user_pref("CT2269050.alertChannelId", "666138");

Deleted : user_pref("CT2269050.components.1000034", false);

Deleted : user_pref("CT2269050.components.1000082", false);

Deleted : user_pref("CT2269050.components.1000234", false);

Deleted : user_pref("CT2269050.components.1000515", false);

Deleted : user_pref("CT2269050.components.129023235807856892", false);

Deleted : user_pref("CT2269050.components.129121052374999726", false);

Deleted : user_pref("CT2269050.components.129351672002618989", false);

Deleted : user_pref("CT2269050.components.129351776130744254", false);

Deleted : user_pref("CT2269050.components.129391330693125668", false);

Deleted : user_pref("CT2269050.components.129466585399606892", false);

Deleted : user_pref("CT2269050.components.129681780741097243", false);

Deleted : user_pref("CT2269050.components.129863783591067571", false);

Deleted : user_pref("CT2269050.components.129881140170815901", false);

Deleted : user_pref("CT2269050.components.129881141106886992", false);

Deleted : user_pref("CT2269050.components.3562342111233572", false);

Deleted : user_pref("CT2269050.components.4930556174285671", false);

Deleted : user_pref("CT2269050.components.7527685960312859", false);

Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sat Aug 11 2012 12:35:17 GMT+0200");

Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2269050.initDone", true);

Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);

Deleted : user_pref("CT2269050.myStuffEnabled", true);

Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2269050.navigateToUrlOnSearch", false);

Deleted : user_pref("CT2269050.revertSettingsEnabled", true);

Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2269050.testingCtid", "");

Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Aug 15 2012 17:31:36 GMT+0200");

Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sat Aug 11 2012 12:35:18 GMT+0200");

Deleted : user_pref("CT2269050.usagesFlag", 2);

Deleted : user_pref("CT3196716..clientLogIsEnabled", false);

Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3196716.AppTrackingLastCheckTime", "Tue Aug 14 2012 17:26:05 GMT+0200");

Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);

Deleted : user_pref("CT3196716.CT3196716", "CT3196716");

Deleted : user_pref("CT3196716.CurrentServerDate", "15-8-2012");

Deleted : user_pref("CT3196716.DSChangedManually", true);

Deleted : user_pref("CT3196716.DSInstall", true);

Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Tue Aug 14 2012 12:31:43 GMT+0200");

Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");

Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Wed Aug 15 2012 12:22:58 GMT+0200");

Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Mon Aug 13 2012 13:32:24 GMT+020[...]

Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Mon Aug 13 2012 13:32:24 GMT+020[...]

Deleted : user_pref("CT3196716.FirstServerDate", "11-8-2012");

Deleted : user_pref("CT3196716.FirstTime", true);

Deleted : user_pref("CT3196716.FirstTimeFF3", true);

Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);

Deleted : user_pref("CT3196716.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3196716.HPInstall", true);

Deleted : user_pref("CT3196716.HPProtectChoice", true);

Deleted : user_pref("CT3196716.HPProtectCount", 1);

Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);

Deleted : user_pref("CT3196716.HomePageProtectorEnabled", true);

Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=[...]

Deleted : user_pref("CT3196716.Initialize", true);

Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);

Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3196716.InstallationType", "Unknown");

Deleted : user_pref("CT3196716.InstalledDate", "Sat Aug 11 2012 12:36:13 GMT+0200");

Deleted : user_pref("CT3196716.InvalidateCache", false);

Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);

Deleted : user_pref("CT3196716.IsGrouping", false);

Deleted : user_pref("CT3196716.IsInitSetupIni", true);

Deleted : user_pref("CT3196716.IsMulticommunity", false);

Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);

Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);

Deleted : user_pref("CT3196716.IsProtectorsInit", true);

Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Wed Aug 15 2012 17:31:37 GMT+0200");

Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Wed Aug 15 2012 17:21:48 GMT+0200");

Deleted : user_pref("CT3196716.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT3196716.Locale", "en");

Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3196716.MCDetectTooltipShow", false);

Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.14.1.0");

Deleted : user_pref("CT3196716.RadioIsPodcast", false);

Deleted : user_pref("CT3196716.RadioLastCheckTime", "Tue Aug 14 2012 17:53:36 GMT+0200");

Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");

Deleted : user_pref("CT3196716.RadioMediaID", "9962");

Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");

Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");

Deleted : user_pref("CT3196716.RadioShrinked", "shrinked");

Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", true);

Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");

Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 0);

Deleted : user_pref("CT3196716.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");

Deleted : user_pref("CT3196716.SearchBoxWidth", 100);

Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");

Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "WiseConvert Customized Web Search");

Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]

Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Wed Aug 15 2012 17:31:36 GMT+0200");

Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);

Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Wed Aug 15 2012 17:53:03 GMT+0200");

Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Wed Aug 15 2012 20:07:49 GMT+0200");

Deleted : user_pref("CT3196716.SettingsLastUpdate", "1345033693");

Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");

Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Sat Aug 11 2012 12:35:16 GMT+0200");

Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", true);

Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");

Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3196716.UserID", "UN72660992083095793");

Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3196716.WeatherNetwork", "");

Deleted : user_pref("CT3196716.WeatherPollDate", "Wed Aug 15 2012 12:00:32 GMT+0200");

Deleted : user_pref("CT3196716.WeatherUnit", "C");

Deleted : user_pref("CT3196716.alertChannelId", "1613210");

Deleted : user_pref("CT3196716.approveUntrustedApps", false);

Deleted : user_pref("CT3196716.components.1000034", false);

Deleted : user_pref("CT3196716.components.1000082", false);

Deleted : user_pref("CT3196716.components.1000234", false);

Deleted : user_pref("CT3196716.components.129755756828511878", false);

Deleted : user_pref("CT3196716.components.129755756829761921", false);

Deleted : user_pref("CT3196716.components.129755756831793241", false);

Deleted : user_pref("CT3196716.components.129757581393447276", false);

Deleted : user_pref("CT3196716.components.129774122767598898", false);

Deleted : user_pref("CT3196716.components.129823208536028032", false);

Deleted : user_pref("CT3196716.components.129847328042486445", false);

Deleted : user_pref("CT3196716.components.129876925696479818", false);

Deleted : user_pref("CT3196716.components.3562342111233572", false);

Deleted : user_pref("CT3196716.components.4930556174285671", false);

Deleted : user_pref("CT3196716.components.7527685960312859", false);

Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Sat Aug 11 2012 12:35:21 GMT+0200");

Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3196716.initDone", true);

Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);

Deleted : user_pref("CT3196716.myStuffEnabled", true);

Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3196716.revertSettingsEnabled", true);

Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3196716.testingCtid", "");

Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Wed Aug 15 2012 17:53:05 GMT+0200");

Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Sat Aug 11 2012 12:35:21 GMT+0200");

Deleted : user_pref("CT3196716.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search,WiseConvert Cu[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/NL", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/NL", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c74[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\joost\\AppData\\Roaming\\Mozilla\\F[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT3196716");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT3196716");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050,CT3196716");

Deleted : user_pref("CommunityToolbar.globalUserId", "ec2da59f-d0a2-417f-be7d-a5e56560545d");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3196716");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Aug 11 2012 12:35:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 15 2012 12:30:05 GMT+020[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 15 2012 20:07:50 GMT+0200");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "c655b378-c552-4689-abab-f38077813f0e");

Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("CommunityToolbar.permanenceEngine", false);

Deleted : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=[...]

*************************

AdwCleaner[s1].txt - [301 octets] - [15/08/2012 20:39:32]

AdwCleaner[s2].txt - [44695 octets] - [15/08/2012 20:40:32]

########## EOF - C:\AdwCleaner[s2].txt - [44824 octets] ##########

How is the PC doing now? Any noticeable problems left?

I waited a while before replying, but the PC is running better than I have seen it run in the past 2 years.

Really a lot faster, and no more pop-ups or police virus xD

I almost feel guilty about the free help I got here. I don't know who you are, but thanks a lot, Kape, for the help! Everything was really clear, even for a layman.

Regards, Joost

Don't forget to clean up the tools you used and the remnants of the infection:

Remove AdwCleaner manually.

Remove ComboFix: Start -> Run / Start Search / Search programs and files, and type there: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download starts automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You are then asked whether to make a backup. Click "YES". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

If you want to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring). In Vista: via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check mark next to the disk whose restore points you want to delete -> click "Apply". You then get the prompt "Are you sure you want to turn System Restore off?". Click "Turn System Restore Off". All restore points on the selected disk are then deleted.

Afterwards, tick the box next to the hard disk again. Also create a new restore point right away, so that you do not have to wait for the system to create one automatically.
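As a follow-up to the cleanup above, the check below scans a Firefox `prefs.js` for the kind of entries AdwCleaner listed as deleted in this thread, to confirm none have come back. It is an added example, not part of the thread or of any tool used in it; the name patterns are generalised from the log (`CT<digits>.`, `CommunityToolbar.`) and the sample file content is constructed.

```python
import re
import sys

# One prefs.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Assumption: toolbar-owned preference names follow the two prefixes visible
# in the log ("CT<digits>." such as CT3196716, and "CommunityToolbar.").
OWNED_NAME_RE = re.compile(r'^(?:CT\d+|CommunityToolbar)\.')

# Domains and the search-engine label that appear as values in the log.
TOOLBAR_VALUE_RE = re.compile(
    r'conduit(?:-services|-hosting|apps)?\.com|Customized Web Search',
    re.IGNORECASE,
)

# Constructed sample prefs.js (not taken from the affected machine).
SAMPLE = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3196716&SearchSource=13");
user_pref("CT3196716.FirstTime", true);
user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT3196716");
user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
user_pref("browser.download.dir", "C:\\Users\\example\\Downloads");
user_pref("keyword.URL", "http://www.google.com/search?q=");
'''


def find_leftovers(prefs_text):
    """Return (line_number, pref_name, reason) for each suspicious entry.

    reason is "name" when the preference itself belongs to the toolbar, and
    "value" when an ordinary browser preference (homepage, keyword search,
    default engine) still points at the toolbar's search service.
    """
    findings = []
    for lineno, line in enumerate(prefs_text.splitlines(), 1):
        match = PREF_RE.match(line)
        if match is None:
            continue  # comment, blank line, or something that is not a pref
        name, raw_value = match.groups()
        if OWNED_NAME_RE.match(name):
            findings.append((lineno, name, "name"))
        elif TOOLBAR_VALUE_RE.search(raw_value):
            findings.append((lineno, name, "value"))
    return findings


if __name__ == "__main__":
    # Pass the path to a profile's prefs.js, or run without arguments
    # to see the result on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    leftovers = find_leftovers(text)
    for lineno, name, reason in leftovers:
        print(f"line {lineno}: {name} (flagged by {reason})")
    print(f"{len(leftovers)} leftover entries found")
```

Entries flagged by "value" are the ones that matter most after a cleanup, since they mean the homepage or address-bar search is still redirected even though the toolbar's own preferences are gone.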
