HijackThis log

Abraham54
8 replies
  • I promised my girlfriend that I would check her laptop for viruses or other malware. She is the 'I-install-everything-without-looking-at-what-exactly-I'm-installing' type. Hence… :-)

    Would someone be so kind as to take a look at this HijackThis log? :-)

    I recently removed some malware using MBAM, but I have no idea whether everything has been removed now.

    The only problems I have noticed in the past were related to a 'program' called 'Babylon', which made it impossible to browse to some sites.


    When I start HijackThis and let it run, I get the following window:

    [img:0c91655fef]http://i49.tinypic.com/162435z.png[/img:0c91655fef]

    When I then continue, I get this log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:09:36, on 5/02/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17153)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Nathalie\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    O4 - Startup: Dropbox.lnk = Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 11215 bytes


    Thanks in advance! :-)
  • PS: I only just read in one of the topics below that HijackThis doesn't work so well on a 64-bit version..

    And this laptop runs a 64-bit version…
  • Just wait for Abraham54, he will certainly give you an answer.
    But he is usually very busy on several forums.
    Good luck.
  • Hi Dries, we'll take a look.

  • Thanks for this quick response :-)

    Here is the AdwCleaner log:
    The ComboFix log follows in the next post.


    # AdwCleaner v2.111 - Verslag gemaakt op 06/02/2013 om 11:31:09
    # Geactualiseerd op 05/02/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium (64 bits)
    # Gebruiker : Nathalie - NATHALIE-VAIO
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Nathalie\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\END
    File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
    File Verwijdert : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Verwijdert : C:\user.js
    File Verwijdert : C:\Users\Nathalie\AppData\Local\funmoods-speeddial.crx
    Map Verwijdert : C:\Program Files (x86)\Conduit
    Map Verwijdert : C:\ProgramData\Babylon
    Map Verwijdert : C:\ProgramData\boost_interprocess
    Map Verwijdert : C:\ProgramData\Partner
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Conduit
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Ilivid Player
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\BabylonToolbar
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\Conduit
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\PriceGong
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\searchquband
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\Softonic
    Map Verwijdert : C:\Users\Nathalie\AppData\Roaming\Babylon
    Map Verwijdert : C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\Smartbar

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar
    Sleutel Verwijdert : HKCU\Software\Babylon
    Sleutel Verwijdert : HKCU\Software\BabylonToolbar
    Sleutel Verwijdert : HKCU\Software\DataMngr
    Sleutel Verwijdert : HKCU\Software\InstallCore
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKLM\Software\Babylon
    Sleutel Verwijdert : HKLM\Software\BabylonToolbar
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKLM\SOFTWARE\DataMngr
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.7600.17153

    Verwijdert : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4 –> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810 –> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810 –> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.1 (nl)

    File : C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\prefs.js

    C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\user.js … Verwijdert !

    Verwijdert : user_pref("CT2269050.1000082.isDisplayHidden", "true";);
    Verwijdert : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[…]
    Verwijdert : user_pref("CT2269050.1000234.TWC_TMP_city", "BRUSSELS";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_TMP_country", "BE";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_locId", "BEXX0005";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_location", "Brussels, Belgium";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_region", "OT";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_temp_dis", "c";);
    Verwijdert : user_pref("CT2269050.1000234.TWC_wind_dis", "kmh";);
    Verwijdert : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"15°C\",\"temperat[…]
    Verwijdert : user_pref("CT2269050.CBOpenMAMSettings.enc", "MA==";);
    Verwijdert : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}";);
    Verwijdert : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[…]
    Verwijdert : user_pref("CT2269050.FirstTime", "true";);
    Verwijdert : user_pref("CT2269050.FirstTimeFF3", "true";);
    Verwijdert : user_pref("CT2269050.LoginRevertSettingsEnabled", true);
    Verwijdert : user_pref("CT2269050.RevertSettingsEnabled", true);
    Verwijdert : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[…]
    Verwijdert : user_pref("CT2269050.UserID", "UN72473593205633082";);
    Verwijdert : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true";);
    Verwijdert : user_pref("CT2269050.autoDisableScopes", -1);
    Verwijdert : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
    Verwijdert : user_pref("CT2269050.cb_experience_000", "Mg==";);
    Verwijdert : user_pref("CT2269050.cb_firstuse0100", "MQ==";);
    Verwijdert : user_pref("CT2269050.cbcountry_001.enc", "QkU=";);
    Verwijdert : user_pref("CT2269050.cbfirsttime.enc", "V2VkIFNlcCAyNiAyMDEyIDIxOjA3OjI2IEdNVCswMjAwIChSb21hbmNlICh6[…]
    Verwijdert : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[…]
    Verwijdert : user_pref("CT2269050.enableAlerts", "always";);
    Verwijdert : user_pref("CT2269050.enableFix404ByUser", "TRUE";);
    Verwijdert : user_pref("CT2269050.firstTimeDialogOpened", "true";);
    Verwijdert : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE";);
    Verwijdert : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true";);
    Verwijdert : user_pref("CT2269050.fixUrls", true);
    Verwijdert : user_pref("CT2269050.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "b3[…]
    Verwijdert : user_pref("CT2269050.installType", "Unknown";);
    Verwijdert : user_pref("CT2269050.isCheckedStartAsHidden", true);
    Verwijdert : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}";);
    Verwijdert : user_pref("CT2269050.isFirstTimeToolbarLoading", "false";);
    Verwijdert : user_pref("CT2269050.isNewTabEnabled", true);
    Verwijdert : user_pref("CT2269050.isPerformedSmartBarTransition", "true";);
    Verwijdert : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}";);
    Verwijdert : user_pref("CT2269050.keyword", true);
    Verwijdert : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[…]
    Verwijdert : user_pref("CT2269050.lastVersion", "10.14.42.7";);
    Verwijdert : user_pref("CT2269050.migrateAppsAndComponents", true);
    Verwijdert : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[…]
    Verwijdert : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}";);
    Verwijdert : user_pref("CT2269050.openThankYouPage", "FALSE";);
    Verwijdert : user_pref("CT2269050.openUninstallPage", "FALSE";);
    Verwijdert : user_pref("CT2269050.search.searchAppId", "128834881989343895";);
    Verwijdert : user_pref("CT2269050.search.searchCount", "0";);
    Verwijdert : user_pref("CT2269050.searchInNewTabEnabledByUser", "true";);
    Verwijdert : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true";);
    Verwijdert : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}";);
    Verwijdert : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348686439452";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1349124398466";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348686441725";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1353274221033";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358362531726";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359570512026";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359954943517";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1349124399618";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348686441786";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1349102612501";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1359888432189";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348686441669";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1359962144128";);
    Verwijdert : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1359888432657";);
    Verwijdert : user_pref("CT2269050.settingsINI", true);
    Verwijdert : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE";);
    Verwijdert : user_pref("CT2269050.smartbar.CTID", "CT2269050";);
    Verwijdert : user_pref("CT2269050.smartbar.Uninstall", "1";);
    Verwijdert : user_pref("CT2269050.smartbar.homepage", true);
    Verwijdert : user_pref("CT2269050.smartbar.isHidden", true);
    Verwijdert : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ";);
    Verwijdert : user_pref("CT2269050.startPage", "userChanged";);
    Verwijdert : user_pref("CT2269050.toolbarBornServerTime", "26-9-2012";);
    Verwijdert : user_pref("CT2269050.toolbarCurrentServerTime", "4-2-2013";);
    Verwijdert : user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy5rb29wamVza3JhbnQuYmUvZ2VudF9odWlzX2xvc3N0[…]
    Verwijdert : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[…]
    Verwijdert : user_pref("Smartbar.ConduitHomepagesList", "";);
    Verwijdert : user_pref("Smartbar.ConduitSearchEngineList", "";);
    Verwijdert : user_pref("Smartbar.ConduitSearchUrlList", "";);
    Verwijdert : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.softonic.com/MON00222/tb_v1?Search[…]
    Verwijdert : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050";);
    Verwijdert : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)";);
    Verwijdert : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)";);
    Verwijdert : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=110000&tt=3512_5&[…]
    Verwijdert : user_pref("browser.BabylonToolbar_i.newTab", "";);
    Verwijdert : user_pref("browser.BabylonToolbar_i.newTabUrl", "";);
    Verwijdert : user_pref("browser.babylon.HPOnNewTab", "";);
    Verwijdert : user_pref("extensions.BabylonToolbar.admin", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Verwijdert : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Verwijdert : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Verwijdert : user_pref("extensions.BabylonToolbar.babExt", "");
    Verwijdert : user_pref("extensions.BabylonToolbar.babTrack", "affID=110000&tt=3512_5");
    Verwijdert : user_pref("extensions.BabylonToolbar.bbDpng", 2);
    Verwijdert : user_pref("extensions.BabylonToolbar.cntry", "BE");
    Verwijdert : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Verwijdert : user_pref("extensions.BabylonToolbar.dfltSrch", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Verwijdert : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.hdrMd5", "91F8BAD855AB60AFBC64A5BE4FA89CD7");
    Verwijdert : user_pref("extensions.BabylonToolbar.hmpg", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.id", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.BabylonToolbar.instlDay", "15585");
    Verwijdert : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Verwijdert : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=10588&babsrc=adbart[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.lastDP", 2);
    Verwijdert : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
    Verwijdert : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
    Verwijdert : user_pref("extensions.BabylonToolbar.newTab", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
    Verwijdert : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"6\",\"lastVrsn\":\"6\",\"vrsnLoad\":\[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Verwijdert : user_pref("extensions.BabylonToolbar.propectorlck", 85172171);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 1);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Verwijdert : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Verwijdert : user_pref("extensions.BabylonToolbar.sg", "azb");
    Verwijdert : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
    Verwijdert : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Verwijdert : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Verwijdert : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000&tt=3512_5");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.hardId", "3484ce4d000000000000889ffae79347");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.id", "3484ce4d000000000000889ffae79347");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.instlDay", "15326");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Verwijdert : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Verwijdert : user_pref("extensions.Softonic.admin", false);
    Verwijdert : user_pref("extensions.Softonic.aflt", "orgnl");
    Verwijdert : user_pref("extensions.Softonic.autoRvrt", "false");
    Verwijdert : user_pref("extensions.Softonic.cntry", "BE");
    Verwijdert : user_pref("extensions.Softonic.cv", "cv5");
    Verwijdert : user_pref("extensions.Softonic.dfltLng", "");
    Verwijdert : user_pref("extensions.Softonic.dfltSrch", true);
    Verwijdert : user_pref("extensions.Softonic.dfltlng", "en");
    Verwijdert : user_pref("extensions.Softonic.dfltsrch", true);
    Verwijdert : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.dspOld", "Search");
    Verwijdert : user_pref("extensions.Softonic.envrmnt", "production");
    Verwijdert : user_pref("extensions.Softonic.excTlbr", false);
    Verwijdert : user_pref("extensions.Softonic.hdrMd5", "7F77BD8EBC3DD57CBB31CCF37644541A");
    Verwijdert : user_pref("extensions.Softonic.hmpg", true);
    Verwijdert : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=13&[…]
    Verwijdert : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=13&cc[…]
    Verwijdert : user_pref("extensions.Softonic.hpOld", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEt[…]
    Verwijdert : user_pref("extensions.Softonic.hrdid", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.Softonic.id", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.Softonic.instlDay", "15607");
    Verwijdert : user_pref("extensions.Softonic.instlRef", "MON00001");
    Verwijdert : user_pref("extensions.Softonic.instlday", "15607");
    Verwijdert : user_pref("extensions.Softonic.instlref", "MON00001");
    Verwijdert : user_pref("extensions.Softonic.isdcmntcmplt", "false");
    Verwijdert : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=[…]
    Verwijdert : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=[…]
    Verwijdert : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.Softonic.newTab", false);
    Verwijdert : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=1[…]
    Verwijdert : user_pref("extensions.Softonic.newtab", "false");
    Verwijdert : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=1[…]
    Verwijdert : user_pref("extensions.Softonic.prdct", "Softonic");
    Verwijdert : user_pref("extensions.Softonic.propectorlck", 94232804);
    Verwijdert : user_pref("extensions.Softonic.prtnrId", "softonic");
    Verwijdert : user_pref("extensions.Softonic.prtnrid", "softonic");
    Verwijdert : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[…]
    Verwijdert : user_pref("extensions.Softonic.savedVrsnTs", "1");
    Verwijdert : user_pref("extensions.Softonic.sg", "az");
    Verwijdert : user_pref("extensions.Softonic.smplGrp", "none");
    Verwijdert : user_pref("extensions.Softonic.smplgrp", "none");
    Verwijdert : user_pref("extensions.Softonic.srch", "");
    Verwijdert : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.tlbrId", "base");
    Verwijdert : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[…]
    Verwijdert : user_pref("extensions.Softonic.tlbrid", "base");
    Verwijdert : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[…]
    Verwijdert : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
    Verwijdert : user_pref("extensions.Softonic.vrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
    Verwijdert : user_pref("extensions.Softonic.vrsnts", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic_i.dnsErr", true);
    Verwijdert : user_pref("extensions.Softonic_i.hmpg", true);
    Verwijdert : user_pref("extensions.Softonic_i.newTab", false);
    Verwijdert : user_pref("extensions.Softonic_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.facemoods._xpiupdate", true);
    Verwijdert : user_pref("extensions.facemoods.aflt", "_#wbst");
    Verwijdert : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
    Verwijdert : user_pref("extensions.facemoods.first_time", false);
    Verwijdert : user_pref("extensions.facemoods.id", "_#13ea277658f54f45adc98abaced55655");
    Verwijdert : user_pref("extensions.facemoods.instlDay", "_#15338");
    Verwijdert : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
    Verwijdert : user_pref("extensions.facemoods.sid", "_#13ea277658f54f45adc98abaced55655");
    Verwijdert : user_pref("extensions.facemoods.update", "_#v1.4.0");
    Verwijdert : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
    Verwijdert : user_pref("extensions.funmoods.aflt", "iron2");
    Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);
    Verwijdert : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
    Verwijdert : user_pref("extensions.funmoods.cntry", "BE");
    Verwijdert : user_pref("extensions.funmoods.cv", "cv5");
    Verwijdert : user_pref("extensions.funmoods.dfltLng", "");
    Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);
    Verwijdert : user_pref("extensions.funmoods.dfltlng", "en");
    Verwijdert : user_pref("extensions.funmoods.dfltsrch", true);
    Verwijdert : user_pref("extensions.funmoods.dnsErr", true);
    Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");
    Verwijdert : user_pref("extensions.funmoods.excTlbr", false);
    Verwijdert : user_pref("extensions.funmoods.hdrMd5", "4CE4DB7B61E9CC6D4D566277E917E78D");
    Verwijdert : user_pref("extensions.funmoods.hmpg", true);
    Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[…]
    Verwijdert : user_pref("extensions.funmoods.hrdid", "889FFAE79347CE4D");
    Verwijdert : user_pref("extensions.funmoods.id", "889FFAE79347CE4D");
    Verwijdert : user_pref("extensions.funmoods.instlDay", "15585");
    Verwijdert : user_pref("extensions.funmoods.instlRef", "iron2");
    Verwijdert : user_pref("extensions.funmoods.instlday", "15585");
    Verwijdert : user_pref("extensions.funmoods.instlref", "iron2");
    Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.funmoods.keywordurl", "");
    Verwijdert : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.funmoods.newTab", true);
    Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[…]
    Verwijdert : user_pref("extensions.funmoods.newtab", true);
    Verwijdert : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[…]
    Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrid", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.savedVrsnTs", "1");
    Verwijdert : user_pref("extensions.funmoods.sg", "none");
    Verwijdert : user_pref("extensions.funmoods.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods.smplgrp", "none");
    Verwijdert : user_pref("extensions.funmoods.srch", "");
    Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.srchprvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[…]
    Verwijdert : user_pref("extensions.funmoods.tlbrid", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[…]
    Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods_i.newTab", true);
    Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[…]
    Verwijdert : user_pref("smartbar.machineId", "XDH4NSSPV7L2XZAVSPG3K+2INM3IXT7TKIUQVZWOY9X5C3ZDXROIM6CUYLDHBWLOO4F[…]
    Verwijdert : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[…]

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [31605 octets] - [06/02/2013 11:31:09]

    ########## EOF - C:\AdwCleaner[S1].txt - [31666 octets] ##########
  • Here is the ComboFix log:

    (There are two logs, since I forgot to disable Windows Defender the first time.)

    Log with WD still on:

    ComboFix 13-02-03.03 - Nathalie 06/02/2013 11:49:14.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3950.2547 [GMT 1:00]
    Gestart vanuit: c:\users\Nathalie\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-06 10:40 . 2013-02-06 10:40 -------- d-----w- C:\Virusscan logs
    2013-02-05 10:56 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C54FD52-7704-4A7E-ACC9-60B2107134C1}\mpengine.dll
    2013-02-03 21:27 . 2013-02-03 21:27 -------- d-----w- c:\program files (x86)\ESET
    2013-02-03 10:50 . 2013-02-03 10:50 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Apple Computer
    2013-01-15 18:24 . 2013-01-04 18:51 9376256 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-15 18:24 . 2010-11-04 04:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-15 18:24 . 2010-11-04 04:08 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-09 15:19 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 15:19 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 15:17 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 15:16 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2011-07-09 16:47 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-12 13:11 . 2011-07-09 11:10 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 21:26 . 2012-12-19 18:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 21:26 . 2012-01-12 15:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 16:52 . 2012-12-21 20:36 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 20:36 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2011-07-09 16:45 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:56 . 2013-01-09 15:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 20:12 . 2012-11-19 20:12 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-19 20:12 . 2011-07-06 21:12 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-16 18:00 . 2012-11-19 18:42 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-11-09 05:34 . 2012-12-16 16:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:49 . 2012-12-16 16:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-24 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 21:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com
    IE: Free YouTube to MP3 Converter - c:\users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\
    FF - prefs.js: browser.startup.homepage - www.google.be
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-02-06 12:05:29 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-02-06 11:05
    .
    Pre-Run: 400.966.885.376 bytes beschikbaar
    Post-Run: 400.702.656.512 bytes beschikbaar
    .
    - - End Of File - - 89C76DD0B0E8329777F1FCAD64B4F5DB








    Log with WD disabled:


    ComboFix 13-02-03.03 - Nathalie 06/02/2013 12:13:09.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3950.2563 [GMT 1:00]
    Gestart vanuit: c:\users\Nathalie\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-06 11:21 . 2013-02-06 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-06 10:40 . 2013-02-06 11:08 -------- d-----w- C:\Virusscan logs
    2013-02-05 10:56 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C54FD52-7704-4A7E-ACC9-60B2107134C1}\mpengine.dll
    2013-02-03 21:27 . 2013-02-03 21:27 -------- d-----w- c:\program files (x86)\ESET
    2013-02-03 10:50 . 2013-02-03 10:50 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Apple Computer
    2013-01-15 18:24 . 2013-01-04 18:51 9376256 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-15 18:24 . 2010-11-04 04:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-15 18:24 . 2010-11-04 04:08 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-09 15:19 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 15:19 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 15:17 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 15:16 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2011-07-09 16:47 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-12 13:11 . 2011-07-09 11:10 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 21:26 . 2012-12-19 18:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 21:26 . 2012-01-12 15:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 16:52 . 2012-12-21 20:36 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 20:36 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2011-07-09 16:45 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:56 . 2013-01-09 15:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 20:12 . 2012-11-19 20:12 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-19 20:12 . 2011-07-06 21:12 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-16 18:00 . 2012-11-19 18:42 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-11-09 05:34 . 2012-12-16 16:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:49 . 2012-12-16 16:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-24 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 21:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com
    IE: Free YouTube to MP3 Converter - c:\users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\
    FF - prefs.js: browser.startup.homepage - www.google.be
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-02-06 12:23:43
    ComboFix-quarantined-files.txt 2013-02-06 11:23
    .
    Pre-Run: 400.765.202.432 bytes beschikbaar
    Post-Run: 400.468.570.112 bytes beschikbaar
    .
    - - End Of File - - 976339FA3B838615FF2D7549FCA70D18


    Thanks again!

  • We are now going to do a full scan.
    A lot of junk has already been removed; I assume this is already noticeable.

    Which program:
  • Indeed, a lot has already been removed. Hopefully the remaining junk will be gone quickly too.
    Here is the log file:


    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 6-2-2013 14:03:48

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, Q:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 6-2-2013 14:05:20

    C:\Program Files (x86)\DownloadManager Ontdekt: Trace.File.MediaPipe (A)

    Gescand 462670
    Gevonden 1

    Scan geëindigd: 6-2-2013 15:13:46
    Scantijd: 1:08:26

    C:\Program Files (x86)\DownloadManager Verwijderd Trace.File.MediaPipe (A)

    Verwijderd 1

This is an archived page. Replying is no longer possible.