Ga naar inhoud

vervelende popups adserver, doubleclick.net


Aanbevolen berichten

ComboFix 12-07-30.03 - Wilco 31-07-2012 18:27:17.3.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1580 [GMT 2:00]

Gestart vanuit: c:\users\Wilco\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Wilco\Desktop\CFscript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Softonic.com.NL_FF

c:\program files\Softonic.com.NL_FF\GottenAppsContextMenu.xml

c:\program files\Softonic.com.NL_FF\ldrtbSoft.dll

c:\program files\Softonic.com.NL_FF\OtherAppsContextMenu.xml

c:\program files\Softonic.com.NL_FF\prxtbSoft.dll

c:\program files\Softonic.com.NL_FF\SharedAppsContextMenu.xml

c:\program files\Softonic.com.NL_FF\Softonic.com.NL_FFToolbarHelper.exe

c:\program files\Softonic.com.NL_FF\tbSoft.dll

c:\program files\Softonic.com.NL_FF\toolbar.cfg

c:\program files\Softonic.com.NL_FF\ToolbarContextMenu.xml

c:\program files\Softonic.com.NL_FF\uninstall.exe

c:\programdata\Iconix

c:\programdata\Iconix\Wilco.usr

c:\users\Wilco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))

.

.

2012-07-31 16:37 . 2012-07-31 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 06:46 . 2012-07-31 06:46 -------- d-----w- c:\users\Wilco\AppData\Roaming\Sammsoft

2012-07-30 09:55 . 2008-10-01 18:01 1995776 ----a-w- c:\windows\system32\vcl120.bpl

2012-07-30 09:55 . 2008-10-01 18:01 1095168 ----a-w- c:\windows\system32\rtl120.bpl

2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\MyPoi Manager

2012-07-30 09:55 . 2012-07-30 09:55 -------- d-----w- c:\program files\Common Files\MyPoiWorld Shared

2012-07-30 09:55 . 2012-07-31 16:19 -------- d-----w- c:\programdata\MyPoiWorld

2012-07-19 12:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\users\Wilco\AppData\Local\AVG Secure Search

2012-07-19 06:48 . 2012-07-19 06:48 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-19 06:47 . 2012-07-19 06:47 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-19 06:47 . 2012-07-19 06:47 -------- d-----w- c:\program files\AVG Secure Search

2012-07-19 06:46 . 2012-07-19 06:46 -------- d--h--w- c:\programdata\Common Files

2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\users\Wilco\AppData\Roaming\Malwarebytes

2012-07-13 07:11 . 2012-07-13 07:11 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 12:40 . 2012-07-12 12:40 388096 ----a-r- c:\users\Wilco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-12 12:40 . 2012-07-12 12:40 -------- d-----w- c:\program files\Trend Micro

2012-07-11 07:39 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 06:31 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 06:31 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 06:31 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 06:31 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 06:31 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-09 07:33 . 2012-07-09 07:34 -------- d-----w- c:\users\Wilco\AppData\Roaming\Spamihilator

2012-07-09 07:32 . 2012-07-09 07:32 768848 ----a-w- c:\windows\system32\msvcr100.dll

2012-07-09 07:32 . 2012-07-09 07:32 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-07-09 07:31 . 2012-07-09 07:35 -------- d-----w- c:\program files\Spamihilator

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-31 16:39 . 2012-07-31 16:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKslf3835fdd.sys

2012-07-31 16:25 . 2012-07-31 16:25 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\offreg.dll

2012-07-31 16:19 . 2012-07-31 16:19 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKsl5f2d4110.sys

2012-07-24 08:59 . 2012-04-11 15:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-24 08:59 . 2011-06-07 11:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-29 08:44 . 2012-07-31 09:17 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\mpengine.dll

2012-06-29 08:44 . 2012-07-31 08:50 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 07:35 . 2012-06-13 07:35 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-13 07:35 . 2010-04-18 17:20 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-02 22:19 . 2012-06-26 14:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-26 14:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-26 14:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-26 14:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-26 14:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-26 14:19 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-26 14:19 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-26 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-26 14:19 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-29 07:38 . 2012-05-23 16:49 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-23 16:50 . 2012-05-30 07:30 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-05-23 16:49 . 2012-05-23 16:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-05-23 16:49 . 2012-05-23 16:49 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax

2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll

2012-05-23 16:49 . 2012-05-23 16:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2012-05-23 16:49 . 2012-05-23 16:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2012-05-23 16:49 . 2012-05-23 16:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2012-05-23 16:49 . 2012-05-23 16:49 245760 ----a-w- c:\windows\system32\MSCLib.dll

2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll

2012-05-23 16:49 . 2012-05-23 16:49 172032 ----a-w- c:\windows\system32\muzapp.exe

2012-05-23 16:49 . 2012-05-23 16:49 155648 ----a-w- c:\windows\system32\MSFLib.dll

2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax

2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll

2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax

2012-05-23 16:49 . 2012-05-23 16:49 118784 ----a-w- c:\windows\system32\MaDRM.dll

2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2012-05-23 16:49 . 2012-05-30 07:30 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-21 02:09 . 2012-05-30 07:34 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09 . 2012-05-30 07:34 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2008-09-30 16:51 . 2008-09-30 16:51 9774080 ----a-w- c:\program files\openofficeorg30.msi

2008-09-18 16:08 . 2008-09-18 16:08 424728 ----a-w- c:\program files\setup.exe

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

2012-07-19 06:25 . 2011-03-23 07:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-29 12:31 . 2010-06-29 12:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2010-10-13 21:28 . 2011-01-10 17:00 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-19 06:47 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-19 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-20 10:45 220624 ----a-w- c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"Yadis"="c:\program files\codessentials\yadis\yadis.exe" [2011-01-14 1758208]

"Rohos"="c:\program files\Rohos\agent.exe" [2011-05-17 801080]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SkyDrive"="c:\users\Wilco\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2011-06-17 342872]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-11-08 606904]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-19 1147488]

"MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808]

.

c:\users\Wilco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Wilco\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-7-17 1014624]

MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

iPrint.lnk - c:\program files\iPrint\iPrint.exe [2012-2-17 2893824]

Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-2-23 6479712]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-11-9 290872]

Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2011-6-23 1683456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Wilco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeClip.lnk]

backup=c:\windows\pss\FreeClip.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]

2008-09-18 06:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-06-29 12:31 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:06 133104 ----atw- c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]

2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]

2008-05-20 15:50 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost]

2010-08-21 17:01 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-01-09 08:51 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

R2 gupdate1c9861ddb57cde0;Google Update Service (gupdate1c9861ddb57cde0);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 MpKsl5f2d4110;MpKsl5f2d4110;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKsl5f2d4110.sys [x]

S1 MpKslf3835fdd;MpKslf3835fdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43D0118B-9260-48C7-8329-6905C7992661}\MpKslf3835fdd.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 RHDISK;RHDISK;c:\program files\Rohos\RHDISK.SYS [x]

S2 Rohos Disk;Rohos Disk service;c:\program files\Rohos\agent.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSLF3835FDD

*Deregistered* - MPFP

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:59]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:38]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000Core.job

- c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-862677247-1756649656-1137367909-1000UA.job

- c:\users\Wilco\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 15:06]

.

2012-06-14 c:\windows\Tasks\NeroLiveEpgUpdate-WILCO_Wilco.job

- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 12:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://isearch.avg.com/?cid={CE363A22-D38C-4457-9E92-DFC17C8AD85A}&mid=d764d610c77447d0805dd15256e44867-b90dcfaa81cb16f4920114b5c86d3a9c40865e4a〈=nl&ds=od011&pr=sa&d=2012-07-19 08:47&v=12.1.0.20&sap=hp

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0109&m=aspire_m3641

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Invulformulieren - file://c:\program files\LastPass\context.html?cmd=fillforms

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

FF - ProfilePath - c:\users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - SeniorWeb.nl | SeniorWeb, de computerhulp voor u

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.08);user_pref(general.useragent.extra.zencast, );user_pref(extensions.BabylonToolbar_i.babTrack, affID=111805

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Softonic.com.NL_FF Toolbar - c:\program files\Softonic.com.NL_FF\uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5604)

c:\users\Wilco\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Ralink\Common\RaRegistry.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\windows\system32\WUDFHost.exe

c:\windows\RtHDVCpl.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Translate Client\translateclient_cpu_donate.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-31 18:46:05 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-31 16:46

ComboFix2.txt 2012-07-31 09:13

ComboFix3.txt 2012-07-31 08:49

.

Pre-Run: 210.439.909.376 bytes beschikbaar

Post-Run: 210.367.131.648 bytes beschikbaar

.

- - End Of File - - 6B72C85ABDF13F58975D56CFFC5EAD5D

Link naar reactie
Delen op andere sites

Helaas is het probleem nog niet opgelost. Ik krijg nog steeds een popup met name van adserver. De andere twee popups die ik had heb ik al enige tijd niet meer gezien. Adserver vertoont zich niet al te vaak komt plotseling te voorschijn, maar het valt niet te voorspellen wanneer.

Link naar reactie
Delen op andere sites

Download de Emsisoft Emergency Kit naar het bureaublad en pak het ZIP bestand uit.

  • Open de map "EmsisoftEmergencyKit" en dubbelklik op "Start.exe"
  • Klik nu op "Emergency Kit Scanner" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "Ja"
    4f8d1a3bd3fbd-EmsisoftEK11.jpg
  • Als de update gereed is en de melding "Update process is succesvol afgerond" verschijnt klikt u op "menu" en dan op "Scan PC"
  • Selecteer de optie "Diep" als deze niet standaard al zo is ingesteld.
  • Klik Nu op de knop "Scan" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af.
  • Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is.
  • Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "verwijder geselecteerde" u zal nu de volgende melding krijgen maar klik hier op "Ja"
    4f8d1a4d61ffa-EmsisoftEK2.jpg
  • Als het verwijderen gereed is klikt u op de knop "View report" en selecteert u het tekstbestand van deze scan met de naam zoals: a2scan_110730-111615.txt
  • Plaats de inhoud van dit LOG bestand straks in uw volgende bericht.
  • Herstart nu de computer.

Link naar reactie
Delen op andere sites

Emsisoft Emergency Kit - Versie 2.0

Laatste Update: 1-8-2012 17:00:46

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

Scan archieven: Aan

ADS Scan: Aan

Scan gestart: 1-8-2012 17:02:52

Key: hkey_local_machine\software\trymedia systems Ontdekt: Trace.Registry.trymedia!E1

Key: hkey_local_machine\software\trymedia systems\activemark software Ontdekt: Trace.Registry.trymedia!E1

Key: hkey_local_machine\software\classes\appid\updatebho.dll Ontdekt: Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Ontdekt: Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Ontdekt: Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Ontdekt: Trace.Registry.getstyles!E1

C:\Users\Wilco\AppData\Roaming\OpenCandy\OpenCandy_2225F6DD86274A77B110ED563F01E31A\LatestDLMgr.exe Ontdekt: Adware.Win32.OpenCandy.AMN!E1

C:\Users\Wilco\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Ontdekt: Attached PE/Script!E2

C:\Program Files\Ixquick Deskbar\deskbar.dll Ontdekt: Adware.Win32.Softomate.AC!E1

Gescand 647511

Gevonden 9

Scan geëindigd: 1-8-2012 17:54:26

Scantijd: 0:51:34

C:\Program Files\Ixquick Deskbar\deskbar.dll Verwijderd Adware.Win32.Softomate.AC!E1

C:\Users\Wilco\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Verwijderd Attached PE/Script!E2

C:\Users\Wilco\AppData\Roaming\OpenCandy\OpenCandy_2225F6DD86274A77B110ED563F01E31A\LatestDLMgr.exe Verwijderd Adware.Win32.OpenCandy.AMN!E1

Key: hkey_local_machine\software\classes\appid\updatebho.dll Verwijderd Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Verwijderd Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Verwijderd Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Verwijderd Trace.Registry.getstyles!E1

Key: hkey_local_machine\software\trymedia systems Verwijderd Trace.Registry.trymedia!E1

Key: hkey_local_machine\software\trymedia systems\activemark software Verwijderd Trace.Registry.trymedia!E1

Verwijderd 9

Link naar reactie
Delen op andere sites

Download AdwCleaner by Xplode naar je Bureaublad.

  • Sluit alle openstaande vensters
  • Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Klik vervolgens op Delete
  • Klik bij AdwCleaner – Information op OK
  • Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad, Dit is normaal

Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt ) post de inhoud hier in een volgende bericht.

Link naar reactie
Delen op andere sites

# AdwCleaner v1.800 - Logfile created 08/01/2012 at 20:57:21

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Wilco - WILCO

# Running from : C:\Users\Wilco\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Wilco\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Wilco\AppData\Local\Conduit

Folder Deleted : C:\Users\Wilco\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}

Folder Deleted : C:\Users\Wilco\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Wilco\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Wilco\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Wilco\AppData\LocalLow\bbrs_002.tb

Folder Deleted : C:\Users\Wilco\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Wilco\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\Conduit

Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ConduitCommon

Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\ConduitEngine

Folder Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\extensions\bbrs_002@blabbers.com

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Conduit

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\searchplugins\Conduit.xml

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2860347

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\BrowserCompanion

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\BrowserCompanion

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Search Settings

Key Deleted : HKLM\SOFTWARE\Softonic.com.NL_FF

Key Deleted : HKLM\SOFTWARE\uTorrentBar_NL

Key Deleted : HKLM\SOFTWARE\WebShot\OpenCandy

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8BC0518-CD52-4C78-ADD3-A150867FA658}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D191F5-B870-4FD6-93AA-FF94FA095814}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{636E5F38-E406-49D3-8972-EDE6C26D8C91}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6F242D2-75EC-4C67-B359-E585A2F19364}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10D8B2EE-0954-4069-A12B-B1A5B66FAAD9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0C5A98B-3984-46FA-BF5B-670000B84BE6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8BC0518-CD52-4C78-ADD3-A150867FA658}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{636E5F38-E406-49D3-8972-EDE6C26D8C91}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48FB8510-61E8-4DFF-88FD-5FB277118ED9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9D191F5-B870-4FD6-93AA-FF94FA095814}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48FB8510-61E8-4DFF-88FD-5FB277118ED9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{48FB8510-61E8-4DFF-88FD-5FB277118ED9}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={CE363A22-D38C-4457-9E92-DFC17C8AD85A}&mid=d764d610c77447d0805dd15256e44867-b90dcfaa81cb16f4920114b5c86d3a9c40865e4a〈=nl&ds=od011&pr=sa&d=2012-07-19 08:47:50&v=12.1.0.20&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default

File : C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\prefs.js

C:\Users\Wilco\AppData\Roaming\Mozilla\Firefox\Profiles\w3y63b6w.default\user.js ... Deleted !

Deleted : user_pref("CT1460988.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT1460988.CT1667811.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1668860.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1668889.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1669100.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1669115.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1670222.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1670245.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1729581.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1729585.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1729585.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1460988.CT1729585.FeedLastCount128460900971181341", 226);

Deleted : user_pref("CT1460988.CT1729585.GroupingInvalidateCache", false);

Deleted : user_pref("CT1460988.CT1729585.GroupingLastCheckTime", "Tue Jan 19 2010 16:05:56 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.GroupingLastErrorCode", "");

Deleted : user_pref("CT1460988.CT1729585.GroupingLastResponse", true);

Deleted : user_pref("CT1460988.CT1729585.GroupingLastServerUpdateTime", "129083020843070000");

Deleted : user_pref("CT1460988.CT1729585.InvalidateCache", false);

Deleted : user_pref("CT1460988.CT1729585.LanguagePackLastCheckTime", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.Locale", "nl");

Deleted : user_pref("CT1460988.CT1729585.RadioLastCheckTime", "Tue Jan 19 2010 16:05:56 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.RadioLastUpdateIPServer", "4");

Deleted : user_pref("CT1460988.CT1729585.RadioLastUpdateServer", "4");

Deleted : user_pref("CT1460988.CT1729585.SearchEngine", "Zoek||hxxp://search.conduit.com/Results.aspx?q=UCM_SE[...]

Deleted : user_pref("CT1460988.CT1729585.SearchInNewTabLastCheckTime", "Tue Jan 19 2010 16:03:16 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.SettingsCheckIntervalMin", 120);

Deleted : user_pref("CT1460988.CT1729585.SettingsLastCheckTime", "Tue Jan 19 2010 16:05:55 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.SettingsLastUpdate", "1263821284");

Deleted : user_pref("CT1460988.CT1729585.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:16:16 GMT+0100");

Deleted : user_pref("CT1460988.CT1729585.ThirdPartyComponentsLastUpdate", "1263484715");

Deleted : user_pref("CT1460988.CT1729585.components.128460851192119579", false);

Deleted : user_pref("CT1460988.CT1729585.components.128460900971181341", false);

Deleted : user_pref("CT1460988.CT1729585.components.128471966754825544", false);

Deleted : user_pref("CT1460988.CT1729585.components.128551719552877929", false);

Deleted : user_pref("CT1460988.CT1729585.components.128793523396200505", false);

Deleted : user_pref("CT1460988.CT1729585.components.128809958847144598", false);

Deleted : user_pref("CT1460988.CT1729585.components.128815983753575738", false);

Deleted : user_pref("CT1460988.CT1729585.components.128816065480138193", false);

Deleted : user_pref("CT1460988.CT1729585.components.128824677339131748", false);

Deleted : user_pref("CT1460988.CT1729585.components.128921590430743976", false);

Deleted : user_pref("CT1460988.CT1729585.components.128933358426907094", false);

Deleted : user_pref("CT1460988.CT1729585.components.7946447417813871543", false);

Deleted : user_pref("CT1460988.CT1729587.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT1729593.CommunityChanged", true);

Deleted : user_pref("CT1460988.CT2164362.CommunityChanged", true);

Deleted : user_pref("CT1460988.CTID", "CT1729585");

Deleted : user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Tue Jan 19 2010 16:07:52 GMT+0100");

Deleted : user_pref("CT1460988.CommunitiesStatus.CT1729585", 0);

Deleted : user_pref("CT1460988.CommunityChanged", true);

Deleted : user_pref("CT1460988.CurrentServerDate", "19-1-2010");

Deleted : user_pref("CT1460988.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1460988.EMailNotifierPollDate", "Tue Jan 19 2010 16:03:18 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128460898315556274", "Tue Jan 19 2010 16:03:16 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128460899415556929", "Tue Jan 19 2010 16:03:16 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128460899564463182", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128460899661963361", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128460899768994715", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.FeedPollDate128479826070094154", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.FeedTTL128460898315556274", 5);

Deleted : user_pref("CT1460988.FeedTTL128460899415556929", 20);

Deleted : user_pref("CT1460988.FeedTTL128460899564463182", 30);

Deleted : user_pref("CT1460988.FeedTTL128460899661963361", 15);

Deleted : user_pref("CT1460988.FirstServerDate", "17-1-2010");

Deleted : user_pref("CT1460988.FirstTime", true);

Deleted : user_pref("CT1460988.FirstTimeFF3", true);

Deleted : user_pref("CT1460988.FixPageNotFoundErrors", true);

Deleted : user_pref("CT1460988.GroupingLastCheckTime", "Tue Jan 19 2010 16:03:16 GMT+0100");

Deleted : user_pref("CT1460988.GroupingLastErrorCode", "");

Deleted : user_pref("CT1460988.GroupingLastResponse", true);

Deleted : user_pref("CT1460988.GroupingLastServerUpdateTime", "129083928859130000");

Deleted : user_pref("CT1460988.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT1460988.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT1460988.Initialize", true);

Deleted : user_pref("CT1460988.InitializeCommonPrefs", true);

Deleted : user_pref("CT1460988.InstalledDate", "Sun Jan 17 2010 10:12:20 GMT+0100");

Deleted : user_pref("CT1460988.IsGrouping", true);

Deleted : user_pref("CT1460988.IsMulticommunity", false);

Deleted : user_pref("CT1460988.IsOpenThankYouPage", false);

Deleted : user_pref("CT1460988.IsOpenUninstallPage", true);

Deleted : user_pref("CT1460988.LanguagePackLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100");

Deleted : user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT1460988.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT1460988.LastLogin_2.5.4.6", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.LatestVersion", "2.1.0.18");

Deleted : user_pref("CT1460988.Locale", "en-us");

Deleted : user_pref("CT1460988.LoginCache", 4);

Deleted : user_pref("CT1460988.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT1460988.MCDetectTooltipShow", false);

Deleted : user_pref("CT1460988.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT1460988.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT1460988.RadioIsPodcast", false);

Deleted : user_pref("CT1460988.RadioMediaID", "9962");

Deleted : user_pref("CT1460988.RadioMediaType", "Media Player");

Deleted : user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609889962");

Deleted : user_pref("CT1460988.RadioShrinked", "shrinked");

Deleted : user_pref("CT1460988.RadioStationName", "California%20Rock");

Deleted : user_pref("CT1460988.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT1460988.SHRINK_TOOLBAR", 0);

Deleted : user_pref("CT1460988.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]

Deleted : user_pref("CT1460988.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT146[...]

Deleted : user_pref("CT1460988.SearchInNewTabEnabled", true);

Deleted : user_pref("CT1460988.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT1460988.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]

Deleted : user_pref("CT1460988.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT1460988.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT1460988.SettingsCheckIntervalMin", 120);

Deleted : user_pref("CT1460988.SettingsLastCheckTime", "Sun Jan 17 2010 10:12:19 GMT+0100");

Deleted : user_pref("CT1460988.SettingsLastUpdate", "1263572606");

Deleted : user_pref("CT1460988.ThirdPartyComponentsInterval", 72);

Deleted : user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:12:18 GMT+0100");

Deleted : user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1263572606");

Deleted : user_pref("CT1460988.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Deleted : user_pref("CT1460988.UserID", "UN30811847687079275");

Deleted : user_pref("CT1460988.ValidationData_Search", 0);

Deleted : user_pref("CT1460988.ValidationData_Toolbar", 2);

Deleted : user_pref("CT1460988.WeatherNetwork", "");

Deleted : user_pref("CT1460988.WeatherPollDate", "Tue Jan 19 2010 16:03:17 GMT+0100");

Deleted : user_pref("CT1460988.WeatherUnit", "C");

Deleted : user_pref("CT1460988.clientLogIsEnabled", false);

Deleted : user_pref("CT1460988.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Deleted : user_pref("CT1460988.components.1000034", false);

Deleted : user_pref("CT1460988.ct1729585.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1460988.ct1729585.FeedLastCount128460900971181341", 155);

Deleted : user_pref("CT1460988.ct1729585.GroupingInvalidateCache", false);

Deleted : user_pref("CT1460988.ct1729585.GroupingLastCheckTime", "Sun Jan 17 2010 10:12:20 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.GroupingLastErrorCode", "");

Deleted : user_pref("CT1460988.ct1729585.GroupingLastResponse", true);

Deleted : user_pref("CT1460988.ct1729585.GroupingLastServerUpdateTime", "129079655152100000");

Deleted : user_pref("CT1460988.ct1729585.InvalidateCache", false);

Deleted : user_pref("CT1460988.ct1729585.LanguagePackLastCheckTime", "Sun Jan 17 2010 10:12:22 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.Locale", "nl");

Deleted : user_pref("CT1460988.ct1729585.RadioLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.RadioLastUpdateIPServer", "4");

Deleted : user_pref("CT1460988.ct1729585.RadioLastUpdateServer", "4");

Deleted : user_pref("CT1460988.ct1729585.SearchEngine", "Zoek||hxxp://search.conduit.com/Results.aspx?q=UCM_SE[...]

Deleted : user_pref("CT1460988.ct1729585.SearchInNewTabLastCheckTime", "Sun Jan 17 2010 10:12:21 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.SettingsCheckIntervalMin", 120);

Deleted : user_pref("CT1460988.ct1729585.SettingsLastCheckTime", "Sun Jan 17 2010 10:12:20 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.SettingsLastUpdate", "1263484715");

Deleted : user_pref("CT1460988.ct1729585.ThirdPartyComponentsLastCheck", "Sun Jan 17 2010 10:12:20 GMT+0100");

Deleted : user_pref("CT1460988.ct1729585.ThirdPartyComponentsLastUpdate", "1263484715");

Deleted : user_pref("CT1460988.myStuffEnabled", true);

Deleted : user_pref("CT1460988.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT1460988.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]

Deleted : user_pref("CT1460988.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT1460988.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT1460988.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Deleted : user_pref("CT2860347..clientLogIsEnabled", true);

Deleted : user_pref("CT2860347..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2860347..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2860347.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2860347.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2860347.CTID", "CT2860347");

Deleted : user_pref("CT2860347.CurrentServerDate", "20-11-2011");

Deleted : user_pref("CT2860347.DSInstall", true);

Deleted : user_pref("CT2860347.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2860347.DialogsGetterLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.DownloadReferralCookieData", "");

Deleted : user_pref("CT2860347.EMailNotifierPollDate", "Sun Nov 20 2011 09:47:51 GMT+0100");

Deleted : user_pref("CT2860347.FeedLastCount129359256046388233", 709);

Deleted : user_pref("CT2860347.FeedPollDate129150409730308153", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150410477960158", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150411149992123", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150411149992124", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150413057804235", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150414312491517", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150414941085546", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150415506867223", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150416295308354", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150416821245960", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150417598276979", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150418464839018", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150418961870358", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150419428120755", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150421384370672", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150422141713870", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150443759997630", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150461459212855", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate129150462560150661", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate3927911755645313500", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedPollDate3927911755645379000", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.FeedTTL129150410477960158", 2);

Deleted : user_pref("CT2860347.FeedTTL129150414312491517", 5);

Deleted : user_pref("CT2860347.FeedTTL129150417598276979", 10);

Deleted : user_pref("CT2860347.FirstServerDate", "13-11-2011");

Deleted : user_pref("CT2860347.FirstTime", true);

Deleted : user_pref("CT2860347.FirstTimeFF3", true);

Deleted : user_pref("CT2860347.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2860347.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2860347.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2860347.HPInstall", false);

Deleted : user_pref("CT2860347.HasUserGlobalKeys", true);

Deleted : user_pref("CT2860347.HomePageProtectorEnabled", true);

Deleted : user_pref("CT2860347.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2860347&SearchSource=[...]

Deleted : user_pref("CT2860347.Initialize", true);

Deleted : user_pref("CT2860347.InitializeCommonPrefs", true);

Deleted : user_pref("CT2860347.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2860347.InstallationId", "CT2860347_00699_00706_072054_BL");

Deleted : user_pref("CT2860347.InstallationType", "ConduitIntegration");

Deleted : user_pref("CT2860347.InstalledDate", "Sun Nov 13 2011 10:21:11 GMT+0100");

Deleted : user_pref("CT2860347.InvalidateCache", false);

Deleted : user_pref("CT2860347.IsAlertDBUpdated", true);

Deleted : user_pref("CT2860347.IsGrouping", false);

Deleted : user_pref("CT2860347.IsInitSetupIni", true);

Deleted : user_pref("CT2860347.IsMulticommunity", false);

Deleted : user_pref("CT2860347.IsOpenThankYouPage", false);

Deleted : user_pref("CT2860347.IsOpenUninstallPage", true);

Deleted : user_pref("CT2860347.IsProtectorsInit", true);

Deleted : user_pref("CT2860347.LanguagePackLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2860347.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2860347.LastLogin_3.7.0.6", "Sun Nov 13 2011 10:21:13 GMT+0100");

Deleted : user_pref("CT2860347.LastLogin_3.8.0.8", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.LatestVersion", "3.5.0.12");

Deleted : user_pref("CT2860347.Locale", "nl");

Deleted : user_pref("CT2860347.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2860347.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2860347.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2860347.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2860347.OriginalFirstVersion", "3.7.0.6");

Deleted : user_pref("CT2860347.RadioIsPodcast", false);

Deleted : user_pref("CT2860347.RadioLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2860347.RadioLastUpdateServer", "3");

Deleted : user_pref("CT2860347.RadioMediaID", "9962");

Deleted : user_pref("CT2860347.RadioMediaType", "Media Player");

Deleted : user_pref("CT2860347.RadioMenuSelectedID", "EBRadioMenu_CT28603479962");

Deleted : user_pref("CT2860347.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT2860347.RadioStationName", "California%20Rock");

Deleted : user_pref("CT2860347.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT2860347.SavedHomepage", "hxxp://www.seniorweb.nl/default.aspx");

Deleted : user_pref("CT2860347.SearchCaption", "Softonic.com.NL FF Customized Web Search");

Deleted : user_pref("CT2860347.SearchEngineBeforeUnload", "Softonic.com.NL FF Customized Web Search");

Deleted : user_pref("CT2860347.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2860347.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]

Deleted : user_pref("CT2860347.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2860347.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2860347.SearchInNewTabLastCheckTime", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2860347.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT2860347.SearchProtectorEnabled", true);

Deleted : user_pref("CT2860347.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2860347.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2860347.ServiceMapLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CT2860347.SettingsLastCheckTime", "Sun Nov 20 2011 09:47:50 GMT+0100");

Deleted : user_pref("CT2860347.SettingsLastUpdate", "1318930104");

Deleted : user_pref("CT2860347.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2860347&SearchSource=13");

Deleted : user_pref("CT2860347.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2860347.ThirdPartyComponentsLastCheck", "Sun Nov 13 2011 10:21:10 GMT+0100");

Deleted : user_pref("CT2860347.ThirdPartyComponentsLastUpdate", "1256026239");

Deleted : user_pref("CT2860347.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2860347.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2860347");

Deleted : user_pref("CT2860347.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2860347.UserID", "UN82112093246467953");

Deleted : user_pref("CT2860347.WeatherNetwork", "");

Deleted : user_pref("CT2860347.WeatherPollDate", "Sun Nov 20 2011 09:47:53 GMT+0100");

Deleted : user_pref("CT2860347.WeatherUnit", "C");

Deleted : user_pref("CT2860347.alertChannelId", "1252363");

Deleted : user_pref("CT2860347.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2860347.globalFirstTimeInfoLastCheckTime", "Sun Nov 20 2011 09:47:55 GMT+0100");

Deleted : user_pref("CT2860347.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2860347.initDone", true);

Deleted : user_pref("CT2860347.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2860347.isFirstRadioInstallation", false);

Deleted : user_pref("CT2860347.myStuffEnabled", true);

Deleted : user_pref("CT2860347.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2860347.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2860347.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2860347.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2860347.oldAppsList", "129359256026544019,129359256026700270,111,3109033329227924510,12[...]

Deleted : user_pref("CT2860347.revertSettingsEnabled", true);

Deleted : user_pref("CT2860347.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2860347.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2860347.testingCtid", "");

Deleted : user_pref("CT2860347.toolbarAppMetaDataLastCheckTime", "Sun Nov 20 2011 09:47:54 GMT+0100");

Deleted : user_pref("CT2860347.toolbarContextMenuLastCheckTime", "Sun Nov 13 2011 10:21:13 GMT+0100");

Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2866295,CT2865317");

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2860347&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Softonic.com.NL FF Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1252363/1248036/NL", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/NL", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24183/23680/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24247/23744/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24250/23747/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24264/23761/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24266/23763/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24349/23846/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/24350/23847/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28311/27793/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28312/27794/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28313/27795/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/28315/27797/NL", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/563458/559322/NL", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NL", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2860347", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2866295", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2860347",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2866295",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2860347&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2866295/CT2866295[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"1ec[...]

Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);

Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");

Deleted : user_pref("CommunityToolbar.IsEngineShown", false);

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Wilco\\AppData\\Roaming\\Mozilla\\F[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2865317");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{87775fdb-6972-41f9-ae51-8326e38cb206}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_nl");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://toolbar.ask.com/toolbarv/askRedir[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1460988,ConduitEngine,CT2860347");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,ConduitEngine,CT2860347");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2860347");

Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 08:55:49 GMT+01[...]

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 11:34:39 GMT+0200");

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 09:46:55 GMT+0200");

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "{736d7011-7b7a-4dab-940b-f829ad7e0207}");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 14 2011 18:52:51 GMT+0100");

Deleted : user_pref("CommunityToolbar.globalUserId", "73fbd730-4223-44b4-bf72-3c28c193b35c");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2860347");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 13 2011 10:21:1[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 20 2011 09:48:00 GMT+010[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 20 2011 09:47:52 GMT+0100");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "f942a688-185e-4c6e-ba54-21f7d13224ad");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.seniorweb.nl/default.aspx");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");

Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 20 2011 08:28:27 GMT+0200");

Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");

Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100");

Deleted : user_pref("ConduitEngine.FirstServerDate", "01/09/2011 11");

Deleted : user_pref("ConduitEngine.FirstTime", true);

Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);

Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);

Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false);

Deleted : user_pref("ConduitEngine.Initialize", true);

Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");

Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Jan 09 2011 09:55:13 GMT+0100");

Deleted : user_pref("ConduitEngine.IsMulticommunity", false);

Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);

Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jan 10 2011 15:38:21 GMT+0100");

Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sun Jan 09 2011 09:55:13 GMT+0100");

Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Mon Jan 10 2011 15:38:21 GMT+0100");

Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);

Deleted : user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13"[...]

Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]

Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100");

Deleted : user_pref("ConduitEngine.UserID", "UN50479045714002962");

Deleted : user_pref("ConduitEngine.engineLocale", "nl");

Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jan 10 2011 15:38:18 GMT+0100");

Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jan 10 2011 15:38:22 GMT+0100");

Deleted : user_pref("ConduitEngine.initDone", true);

Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic.com.NL FF Customized Web Search");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111805");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111805&babsrc=N[...]

Deleted : user_pref("extensions.asktb.cbid", "F4");

Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]

Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.emailing.nespresso.com/r/?id=he54e99c,5aa[...]

Deleted : user_pref("extensions.asktb.fresh-install", false);

Deleted : user_pref("extensions.asktb.l", "dis");

Deleted : user_pref("extensions.asktb.last-config-req", "1273338507141");

Deleted : user_pref("extensions.asktb.locale", "en_US");

Deleted : user_pref("extensions.asktb.o", "101699");

Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Deleted : user_pref("extensions.asktb.qsrc", "2871");

Deleted : user_pref("extensions.asktb.r", "2");

Deleted : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]

Deleted : user_pref("extensions.snipit.askTbInstalled", true);

Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&g[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Wilco\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "urls_to_restore_on_startup": [ "hxxp://www.seniorweb.nl/", "hxxps://isearch.avg.com/?cid={[...]

Deleted : "description": "AVG Secure Search",

Deleted : "name": "AVG Secure Search",

Deleted : "description": "SweetIm for Facebook",

Deleted : "name": "SweetIM for Facebook",

Deleted : "urls_to_restore_on_startup": [ "hxxp://www.seniorweb.nl/", "hxxps://isearch.avg.com/?cid={CE3[...]

*************************

AdwCleaner[s1].txt - [49524 octets] - [01/08/2012 20:57:21]

########## EOF - C:\AdwCleaner[s1].txt - [49653 octets] ##########

Link naar reactie
Delen op andere sites

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder AdwCleaner en Emsisoft manueel.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7

  • via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
  • Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
  • Klik op "Toepassen" en "OK".
  • Herstart nu de PC.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.