IABK
-
This all went fine. Except that when I restart the computer I keep getting this message: "PCSUNotifier.exe Het programma kan niet worden gestart omdat sqlite3.dll ontbreekt op uw computer. U kunt dit probleem mogelijk oplossen door het programma opnieuw te installeren." I don't know this program.
-
Here is the ComboFix log. The lines seem to be gone now.
-
# AdwCleaner v1.606 - Logfile created 07/29/2012 at 10:30:34
# Updated 10/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : V.O.F. Boersma - VOFBOERSMA-PC
# Running from : C:\Users\V.O.F. Boersma\Documents\Documenten van Irma\UPC\AdwCleaner(1).exe
# Option [Delete]
Deleted : user_pref("CT2642697.revertSettingsEnabled", true); Deleted : user_pref("CT2642697.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2642697.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2642697.testingCtid", ""); Deleted : user_pref("CT2642697.toolbarAppMetaDataLastCheckTime", "Sun Jul 29 2012 08:47:23 GMT+0200"); Deleted : user_pref("CT2642697.toolbarContextMenuLastCheckTime", "Thu Mar 22 2012 09:31:55 GMT+0100"); Deleted : user_pref("CT2642697.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2642697/CT2642697[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1035384/1031095/NL", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/NL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2642697", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2642697",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63440294476430[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2642697&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2642697/CT2642697[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...] 
Deleted : user_pref("CommunityToolbar.EngineOwner", ""); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{343db173-0e5a-4f2a-b7bb-71a49085d70e}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "online_radio_1.1"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\V.O.F. Boersma\\AppData\\Roaming\\M[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1"); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://oryte.com/mochigadget", "648x167"); Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://oryte.com/mochigadget", "640x647"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2642697"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{343db173-0e5a-4f2a-b7bb-71a49085d70e}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "online_radio_1.1"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://nl.yhs.search.yahoo.com/avg/searc[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2642697"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2642697"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 21:47:05 GMT+02[...] 
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 15:01:39 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:14:58 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "{a3153547-dd1a-46d5-8c7b-c686918b11f2}"); Deleted : user_pref("CommunityToolbar.globalUserId", "8456e414-76a4-46a8-a621-b5a3c446f1a7"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2642697"); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Mar 22 2012 09:31:5[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Mar 23 2012 09:32:00 GMT+010[...] 
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Mar 23 2012 09:31:53 GMT+0100"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "5460226d-780e-4917-8629-4a1ec96d4693"); Deleted : user_pref("CommunityToolbar.undefined", ""); Deleted : user_pref("browser.search.defaultthis.engineName", "Online Radio 1.1 Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&Sea[...] 
Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110000"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 18); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false); Deleted : user_pref("extensions.BabylonToolbar.hmpg", false); Deleted : user_pref("extensions.BabylonToolbar.id", "c21550820000000000000015af5d4279"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15415"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 18); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:49:25"); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 70647322); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:49:25"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", 
"affID=110000"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c21550820000000000000015af5d4279"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "c21550820000000000000015af5d4279"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15415"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:49:25"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true); Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1331898607); Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...] Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false); Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false); Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false); Deleted : user_pref("extensions.crossriderapp2258.2258.active", true); Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0"); Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...] 
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10); Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true); Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1331898607"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1331898607"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1342301260"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] 
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22"); Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2224576%22"); Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!"); Deleted : user_pref("extensions.crossriderapp2258.2258.domain", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false); Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0); Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false); Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\nvar _GPL_PID=21,_GPL_baseCDN=\"contentcache-a.a[...] Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This"); Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function({b.selectedText=f[...] Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "(function(a){a.later=function[...] 
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...] Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...] Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...] Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16"); Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15"); Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] 
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 4); Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true); Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps"); Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0); Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false); Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", ""); Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360); Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 61); Deleted : user_pref("extensions.crossriderapp2258.apps", "2258"); Deleted : user_pref("extensions.crossriderapp2258.bic", "1361b5d2bc8eab40957eb7d7969accb7"); Deleted : user_pref("extensions.crossriderapp2258.cid", 2258); Deleted : user_pref("extensions.crossriderapp2258.firstrun", false); Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true); Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1331898953); Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22385206); Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22385376); Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1343117321104"); Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1343117321088"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q="); -\\ Google Chrome v20.0.1132.57 File : C:\Users\V.O.F. Boersma\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
************************* AdwCleaner[R1].txt - [43884 octets] - [29/07/2012 10:26:41] AdwCleaner[s1].txt - [44976 octets] - [29/07/2012 10:30:34] ########## EOF - C:\AdwCleaner[s1].txt - [45105 octets] ##########
What did surprise me is that this program also recommended the Babylon toolbar, while that is exactly what we want to get rid of. On restarting, it turned out that Zynga games and radio had also been downloaded. Very strange.
-
I did this a few times and also removed some things. ComboFix still keeps showing the lines.
-
Among the extensions I found DealPly and removed it. Even after restarting, ComboFix still shows the usual list. Babylon not found.
-
Unfortunately, whatever I do and however often, the lines stay.
-
Run in safe mode.
ComboFix 12-07-26.04 - V.O.F. Boersma 26-07-2012 21:23:09.5.4 - x86 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2244 [GMT 2:00] Gestart vanuit: c:\users\V.O.F. Boersma\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\V.O.F. Boersma\Desktop\CFScript.txt AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))) . . 2012-07-26 19:28 . 2012-07-26 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-24 20:26 . 2012-07-26 19:28 -------- d-----w- c:\users\V.O.F. Boersma\AppData\Local\temp 2012-07-23 19:06 . 2012-07-23 19:06 388096 ----a-r- c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-23 19:06 . 2012-07-23 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-14 12:23 . 2012-07-23 18:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 12:23 . 2012-07-23 18:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 21:55 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 11:46 . 2012-05-15 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 22:19 . 2012-06-21 06:46 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 06:46 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 06:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2012-06-21 06:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 06:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 06:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 06:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 06:46 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 06:46 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-01 04:44 . 2012-06-13 21:32 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17 . 2012-06-13 21:33 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-18 13:05 . 2011-05-08 19:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-10 15:25 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] . c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-10-5 66864] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . 
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] R3 
Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTENG32\2PART\uxddrv86.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:30] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\V.O.F. 
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst user_pref('extensions.dealply.partner', 'iron'); user_pref('extensions.dealply.channel', 'iron3'); user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '5'); . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1524) c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
Voltooingstijd: 2012-07-26 21:30:01 ComboFix-quarantined-files.txt 2012-07-26 19:30 ComboFix2.txt 2012-07-26 06:25 ComboFix3.txt 2012-07-25 16:13 ComboFix4.txt 2012-07-24 20:26 . Pre-Run: 65.283.829.760 bytes beschikbaar Post-Run: 65.175.752.704 bytes beschikbaar . - - End Of File - - 720ECB644A3B1A4F21DA881E3549A897
-
How do I do this in safe mode, and do I do everything in safe mode or only part of it?
-
ComboFix 12-07-25.04 - V.O.F. Boersma 25-07-2012 18:05:59.3.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1465 [GMT 2:00] Gestart vanuit: c:\users\V.O.F. Boersma\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\V.O.F. Boersma\Desktop\CFScript.txt AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))) . . 2012-07-25 16:11 . 2012-07-25 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-24 20:26 . 2012-07-25 16:11 -------- d-----w- c:\users\V.O.F. Boersma\AppData\Local\temp 2012-07-23 19:06 . 2012-07-23 19:06 388096 ----a-r- c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-23 19:06 . 2012-07-23 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-14 12:23 . 2012-07-23 18:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 12:23 . 2012-07-23 18:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 21:55 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-06-26 08:27 . 2012-06-26 08:27 -------- d-----w- c:\program files\Common Files\Adobe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 11:46 . 2012-05-15 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 22:19 . 2012-06-21 06:46 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 06:46 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 
2012-06-21 06:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 06:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 06:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 06:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 06:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 06:46 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 06:46 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-01 04:44 . 2012-06-13 21:32 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17 . 2012-06-13 21:33 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-18 13:05 . 2011-05-08 19:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-10 15:25 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] . c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-10-5 66864] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTENG32\2PART\uxddrv86.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x] S3 
AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - HITMANPRO36 *Deregistered* - hitmanpro36 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:30] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\V.O.F. 
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst user_pref('extensions.dealply.partner', 'iron'); user_pref('extensions.dealply.channel', 'iron3'); user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '5'); . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(5996) c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
Voltooingstijd: 2012-07-25 18:13:18 ComboFix-quarantined-files.txt 2012-07-25 16:13 ComboFix2.txt 2012-07-24 20:26 . Pre-Run: 65.785.028.608 bytes beschikbaar Post-Run: 65.749.225.472 bytes beschikbaar . - - End Of File - - C1099C32C9414F967714BDCEDFDEF5F5
Thanks for the follow-up and for finishing it off. This is the content of the combofix.txt. I will now remove ComboFix and download CCleaner.
-
I no longer need to follow the latest advice. I have been browsing the internet for a while now and no longer come across Text Enhance. Even now that Shockwave Flash is enabled. I am extremely happy with this. Thank you very much!
-
Here is the ComboFix log file:
ComboFix 12-07-25.04 - V.O.F. Boersma 24-07-2012 22:17:13.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1847 [GMT 2:00] Gestart vanuit: c:\users\V.O.F. Boersma\Desktop\ComboFix.exe AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPly.xpi c:\program files\DealPly\icon.ico c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js c:\users\V.O.F.
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\install.rdf c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd c:\users\V.O.F. 
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html c:\users\V.O.F. 
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css c:\users\V.O.F. Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\extensions\crossriderapp2258@crossrider.com\skin\update.css c:\windows\system32\system . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))) . . 2012-07-24 20:23 . 2012-07-24 20:23 -------- d-----w- c:\users\V.O.F. Boersma\AppData\Local\temp 2012-07-24 20:23 . 2012-07-24 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-23 19:06 . 2012-07-23 19:06 388096 ----a-r- c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-23 19:06 . 2012-07-23 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-14 12:23 . 2012-07-23 18:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 12:23 . 2012-07-23 18:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 21:55 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-06-26 08:27 . 2012-06-26 08:27 -------- d-----w- c:\program files\Common Files\Adobe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 11:46 . 2012-05-15 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 22:19 . 2012-06-21 06:46 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 06:46 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 06:46 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 06:46 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 06:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 
2012-06-21 06:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 06:46 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 06:46 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 06:46 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-01 04:44 . 2012-06-13 21:32 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17 . 2012-06-13 21:33 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 04:45 . 2012-06-13 21:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 04:45 . 2012-06-13 21:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 04:41 . 2012-06-13 21:32 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-07-18 13:05 . 2011-05-08 19:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-10 15:25 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-13 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\V.O.F. Boersma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-10-5 66864] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . 
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTENG32\2PART\uxddrv86.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure 
Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:30] . 2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . 2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 18:43] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\V.O.F. 
Boersma\AppData\Roaming\Mozilla\Firefox\Profiles\f7h6mknh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst user_pref('extensions.dealply.partner', 'iron'); user_pref('extensions.dealply.channel', 'iron3'); user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '5'); . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-FoxTab PDF Creator - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Voltooingstijd: 2012-07-24 22:26:19 ComboFix-quarantined-files.txt 2012-07-24 20:26 . Pre-Run: 66.873.098.240 bytes beschikbaar Post-Run: 66.543.067.136 bytes beschikbaar . - - End Of File - - A4FBDA02064E8236898481C2657DDD33
-
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by V.O.F. Boersma at 13:44:58 on 2012-07-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1289 [GMT 2:00] . AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program 
Files\AVG\AVG10\avgtray.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . 
mURLSearchHooks: H - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\vof~1.boe\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\v.o.f. boersma\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - 
c:\windows\windowsmobile\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 TCP: Interfaces\{791C45EC-818A-4D06-B209-BD58F1B308FD} : DhcpNameServer = 62.179.104.196 213.46.228.196 TCP: Interfaces\{A5A92387-2E44-462F-8C08-88C4EA7494B9} : DhcpNameServer = 62.179.104.196 213.46.228.196 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: 
viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642697&q= FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\components\RadioWMPCore.dll FF - component: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - component: c:\users\v.o.f. 
boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\engine@conduit.com\components\RadioWMPCore.dll FF - component: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll FF - plugin: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\plugins\np-mswmp.dll FF - plugin: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll FF - plugin: c:\users\v.o.f. boersma\appdata\roaming\mozilla\firefox\profiles\f7h6mknh.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.hardId - c21550820000000000000015af5d4279 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15415 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:49:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . user_pref('extensions.dealply.partner', 'iron'); . user_pref('extensions.dealply.channel', 'iron3'); . user_pref('extensions.dealply.installId', 'v23600296910981332684742012031612500825'); . user_pref('extensions.dealply.installIdSource', 'inst'); . user_pref('extensions.dealply.sampleGroup', '5'); . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-3-18 105832] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-24 655944] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-15 22344] R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 
14336] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-14 250056] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-10 167264] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 113120] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-16 36384] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224] S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-15 1343400] . =============== Created Last 30 ================ . 2012-07-23 19:06:21 388096 ----a-r- c:\users\v.o.f. boersma\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-07-23 19:06:21 -------- d-----w- c:\program files\Trend Micro 2012-07-14 12:23:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 12:23:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-12 21:55:49 2345984 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 
2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 13:45:16,43 ===============
Done. A Notepad file opened.
-
Then I just have Text Enhance.
-
Ran it again, ticked everything and removed it. If I disable the Shockwave Flash plug-in, I am indeed no longer bothered by Text Enhance. But then I can no longer see anything on YouTube or other videos. So I would like to remove Text Enhance. This is my new HijackThis.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:44:11, on 24-7-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Users\V.O.F. 
Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - 
{95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - 
{DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- End of file - 10406 bytes
Thanks for thinking along with me.
-
Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2012.07.24.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
V.O.F. Boersma :: VOFBOERSMA-PC [administrator]
Realtime bescherming: Ingeschakeld
24-7-2012 9:03:21
mbam-log-2012-07-24 (09-03-21).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 204092
Verstreken tijd: 14 minuut/minuten, 24 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:39, on 24-7-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = V.O.F. Boersma\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 11119 bytes

Instructions followed. Items 3, 4 and 6 could not be found to tick in HijackThis.