frank12444

het gaat hardstikke goed! hij is weer supersnel, een enkele keer hapert hij nog, maar dat is meestal op vrij grote sites als meteotines en startpagina maar dat is ook wel het enigste, en als het zo blijft zijn we zeer tevreden! nogmaals hardstikke bedankt voor uw supersnelle en profesionele hulp!

ComboFix 12-06-23.05 - Adrie 23-06-2012 14:59:27.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.545 [GMT 2:00] Gestart vanuit: c:\documents and settings\Adrie\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Adrie\Bureaublad\CFScript.txt AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . FILE :: "c:\windows\System32\XDva031.sys" "c:\windows\system32\XDva039.sys" "c:\windows\system32\XDva068.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_XDVA031 -------\Legacy_XDVA039 -------\Legacy_XDVA068 -------\Service_mailKmd -------\Service_XDva031 -------\Service_XDva039 -------\Service_XDva068 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))) . . 2012-06-23 10:34 . 2012-06-23 10:34 -------- d-----w- c:\documents and settings\All Users\Favorieten 2012-06-22 13:36 . 2012-06-22 13:36 1409 ----a-w- c:\windows\QTFont.for 2012-06-22 12:59 . 2012-06-22 12:59 388096 ----a-r- c:\documents and settings\Adrie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-22 12:59 . 2012-06-22 12:59 -------- d-----w- c:\program files\Trend Micro 2012-06-20 14:31 . 2012-06-23 12:52 -------- d--h--r- c:\documents and settings\Adrie\Onlangs geopend 2012-06-09 11:29 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2012-06-09 11:26 . 2012-06-09 11:27 -------- d-----w- c:\program files\Defraggler 2012-06-09 11:24 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\Adrie\Local Settings\Application Data\Temp 2012-06-08 19:30 . 2012-06-08 19:30 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Search 2012-06-08 11:19 . 2012-06-08 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2012-06-08 11:18 . 2012-06-08 18:40 -------- d-----w- c:\documents and settings\Adrie\Application Data\IObit 2012-05-31 07:20 . 2012-05-31 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-25 10:29 . 2012-05-25 10:29 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Desktop Search 2012-05-25 10:28 . 2012-05-25 10:28 -------- d-----w- c:\program files\Windows Desktop Search 2012-05-25 10:25 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll 2012-05-25 10:25 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll 2012-05-25 10:25 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 09:17 . 2009-10-07 10:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-05-31 13:22 . 2003-12-29 16:10 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-31 07:20 . 2011-05-20 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-22 17:05 . 2012-05-22 15:39 14664 ----a-w- c:\windows\stinger.sys 2012-05-22 15:54 . 2012-05-22 15:54 159608 ----a-w- c:\windows\system32\mfevtps.exe.c775.deleteme 2012-05-22 15:38 . 2012-05-22 15:38 159608 ----a-w- c:\windows\system32\mfevtps.exe.55ec.deleteme 2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2002-09-09 13:17 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-12-28 22:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 13:56 . 2010-08-12 11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-23_11.23.20 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-23 13:19 . 2012-06-23 13:19 16384 c:\windows\Temp\Perflib_Perfdata_104.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRISMSTA.EXE"="PRISMSTA.EXE START" [X] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-10-03 40960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-09-12 65536] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2006-12-13 360448] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2003-05-12 32768] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360] "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-03-28 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 54784] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKLM\~\startupfolder\C:^Documents and Settings^Adrie^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] backup=c:\windows\pss\Google Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ImageFox.lnk] backup=c:\windows\pss\ImageFox.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk] backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk] backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^REALTEK RTL8187 Wireless LAN Utility.lnk] backup=c:\windows\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^UltraMon.lnk] backup=c:\windows\pss\UltraMon.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSEMOUSE2] 2006-12-13 14:48 550400 ----a-w- c:\program files\Browser MOUSE\R2M.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 16:34 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-02-16 14:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2003-05-12 13:28 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2003-06-25 09:53 204800 ----a-w- c:\program files\Launch Manager\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 15:54 127022 -c--a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-03-09 13:29 7561216 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-03-09 13:29 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-03-09 13:29 1519616 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2004-01-29 17:12 57344 ----a-w- c:\program files\Home Cinema\PowerCinema\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] 2003-11-10 15:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\powerman] 2003-12-23 19:48 126976 ----a-w- c:\windows\system32\powerman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-03-28 21:37 413696 ----a-w- c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-09-29 14:00 155648 -c--a-w- c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2003-11-20 15:18 499712 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] 2003-11-20 15:19 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-02-07 10:00 90112 -c--a-w- c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"= "c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\msmsgs.exe"= "h:\\program files\\redalert3\\Data\\ra3_1.0.game"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9068:TCP"= 9068:TCP:BitComet 9068 TCP "9068:UDP"= 9068:UDP:BitComet 9068 UDP "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6-1-2008 13:16 715248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 8:23 108792] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6-12-2007 22:03 660768] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-7-2011 15:45 38144] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11-9-2009 8:24 735960] R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 19:29 53248] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23-12-2008 17:35 50704] R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14-9-2008 17:32 10496] R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [16-10-2003 2:15 364320] S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [30-12-2006 20:45 15104] S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 19:27 77824] S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 19:41 77824] S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [27-5-2009 14:53 223232] S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [9-7-2009 12:51 7888] S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt --> k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4-9-2009 18:56 1527900] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4-9-2008 19:32 47360] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6-7-2011 15:45 332928] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [4-1-2009 18:08 98488] S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [25-3-2011 15:42 384752] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append Link Target to Existing PDF IE: Download All Files by HiDownload IE: Download by HiDownload TCP: DhcpNameServer = 192.168.178.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Adrie\Application Data\Mozilla\Firefox\Profiles\x7qbfdgj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */ FF - user.js: accessibility.typeaheadfind.flashBar - 0 FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1338454994 FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1225570569 FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1339045179 FF - user.js: browser.anchor_color - #0000FF FF - user.js: browser.display.background_color - #C0C0C0 FF - user.js: browser.display.use_system_colors - true FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\Adrie\\Mijn documenten\\Mijn afbeeldingen FF - user.js: browser.download.manager.alertOnEXEOpen - true FF - user.js: browser.download.save_converter_index - 0 FF - user.js: browser.fixup.alternate.enabled - false FF - user.js: browser.history_expire_days - 20 FF - user.js: browser.migration.version - 1 FF - user.js: browser.places.importBookmarksHTML - false FF - user.js: browser.places.importDefaults - false FF - user.js: browser.places.leftPaneFolderId - -1 FF - user.js: browser.places.migratePostDataAnnotations - false FF - user.js: browser.places.smartBookmarksVersion - 1 FF - user.js: browser.places.updateRecentTagsUri - false FF - user.js: browser.preferences.advanced.selectedTabIndex - 0 FF - user.js: browser.rights.3.shown - true FF - user.js: browser.search.defaultenginename - Google FF - user.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: browser.startup.homepage - hxxp://www.startpagina.nl FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.0.14 FF - user.js: browser.visited_color - #800080 FF - user.js: distribution.google-cjk.bookmarksProcessed - true FF - user.js: extensions.enabledItems - {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - user.js: extensions.lastAppVersion - 3.0.14 FF - user.js: extensions.mozilla.metrics.event-count - 0 FF - user.js: extensions.update.notifyUser - false FF - user.js: flashgot.custom.Retriever.maxLinks - 10 FF - user.js: flashgot.defaultDM - BitComet FF - user.js: flashgot.detect.cache - (Interne downloadbeheerder),HiDownload,BitComet FF - user.js: flashgot.dmchoice - false FF - user.js: flashgot.version - 1.1.8.7 FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729) FF - user.js: google.toolbar.auto_page_translate.rules.blacklist - nl FF - user.js: google.toolbar.auto_page_translate.rules.whitelist - FF - user.js: google.toolbar.button_option.cached.gtbCountrySearch - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbCountrySearch\ tooltip=\gtbMultilineTooltip\ label=\Nederland\ fullText=\Nederland\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbFeelingLucky - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbFeelingLucky\ tooltip=\gtbMultilineTooltip\ label=\Ik doe een gok\ fullText=\Ik doe een gok\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchBlogs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBlogs\ tooltip=\gtbMultilineTooltip\ label=\Zoeken in blogs met Google\ fullText=\Zoeken in blogs met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAYBJREFUeNqUkjtOA0EMhr1LRDYUtCCliKiQ4AB0CIkLQIkENHCgiAMgIeAAiANQ86iQoEcUqSkSsrvjMX7MLLME8bBi2Zkdf/49MxkRwcndMU0QYeLYMXH97yH9Ng756PAmA7Z8eHtEpfdQewIkc07NQSKZg0X+cQaweLopATpClaKKKyry4Dh3lMJmgaKaFBMA8rFmFaKkUjWmyPk2DIMS5P1o9QLwSnVBQYUJiMRJYwS5ZFQDODRA8CpRImNFNRKjItcCoAGwAVAzTonfQHSfqVbAmBUQRABwFyuKSspUUVAosHAEpkBOFQGaGWvdLOdBbUBy3dE6ktpVQjNGPNB0lAiSNbEizzVm+f4a7e6t6gMZTafwVjuFSKflogvzeWY3odfqG+mP16+A509ZJvLnDtZ1fWNnwJBSFfR7BdxfvYD0kZ72Aj+l08WzPmUFRFu53KZ3ljtY6MEDF0sH+MXyrwv9XvfPxTO2dLZFciYU3jvnP+5P1ZucfxRHwIcAAwAX2fYcgJ+EGwAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchBooks - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBooks\ tooltip=\gtbMultilineTooltip\ label=\Zoeken naar boeken met Google\ fullText=\Zoeken naar boeken met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAiNJREFUeNp0kztvE0EUhc/Ya5uEFCsiiJQiwjJIiAaLAkSFRUPrAgpqfgBQUSL/gkBBDRJFCpB4SBFNikAVCRE5giISTmQkjCP8iNfG6915MjO7fuKMdKTdO3O/e+beXXJzSxXWs/U8gAda57VKWk+v5lY7mFi7B7/N3hOt4iBkL299WHsfPMY20QB1xhG4d7aDC6fo8LxJfmZA8ftDU4AL6W5WM3jxLYUjL0BYWiGO2W3zJJ7Xl5HLUNx2e7i4SN242hWtgpTK/dpI4tX+Asq1EIzqQioiO8OSSgf2+2l895ZxbWmAG66PS0u0uNdO4u2hg51fCjTwIQVGyRYgRPQuJWCeOQc+Nxew8amOQesYK+kuFnOXIZiwRZScykeCMWhLWiySAXANCrwuglYDYevIwodSk9nGAWVR0EiYQyICKGNHMhDJpwByHsB4MhvDQyYXgoMIaiE2Fmt2OSxuqJoBKE5BeADi0Cgu/rc/vkIMUEOAqcRDENbXgMAC51WfuoKauQaoD0J7IKnIwUnLCX3dKCc1auQY0Eci9EAyBGpepm6uHWN752PHr/20I6TxKBmPHUg2t6r0/oAe7Np/JaGblfV/fCn9LW+BHjfsCE+yrPwuWHUPvF4p6SllTYyMdu+8Nn/besJdLTpreSTLG0CzgnNuGvL6fdQqh5C95jt95hHe3K1Gn7+aAIxBBQvig7y5ZzqVQEBOl+PE7SlHGvBPgAEAhIhYJbvKryMAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchCalendar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchCalendar\ tooltip=\gtbMultilineTooltip\ label=\Google Agenda\ fullText=\Google Agenda\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAldJREFUeNp8U01oU0EQ/t4zeU00iWLxr2nFXlSohyCkrTcv6kH0VAVPiiBeBfHmoUfBn4NHEQTxZKugN0FQNFiEgBfbElQkmor2x6bv2TQvb3fH2d2X0ODPwDCbt/N9M9/sxCEipK4pgpIgdsiIXYBky5xJcBQhR+uImiB2df+YAzbXgElBfXsLURqH+l4Gf4Ax0tE6LVdAlQeglQ/myjnzxCS5ujKUwoa5F1CLM5xQhSbUboiYRHeJxg9QUIW39tkSky2SMG1zcqZ4Ef37D+JnuoAgVIbUkJO9zw2OonfPdiyG29DyQ1tEExjNXCmQPfCTh4CWYCDPQAPj7nQMGoAv8ka/BVObQMStKgz1ClwoNJHPCLypEm6VWAaTjfYrDPc5mHynUFtSdtgdCXraZmAKp/f+wtHdLdQbLVwa8fCFk7NJhauHHUjpYuojobYgbGexuUYCPxVxvPEqwsjtOm5yVJyUz0hMfQowUa7zb9sNccdt/bYD/c7xtH1KoHo5Z6au/dl0gJl5F5PTCZw4oCyYSdYbdxB2LcqpO1XcLS2ZiueKPXaZ2IWUJra1dwgoCjvbdmQwgu/uwMRsmjUr7Mooc0ci4lnrTe0GxxLC+EUUzhaSGB5wjURd8d7rBT7omTlQ9CfYbKR7/iW11za/cRXFnWvIplw8n13FXCNnNGc9iX2b66isbOElcztgejjmJBB6INc3BLW6g9pyyr6z2sTfIpOoQeX5rd2VKW0l9PmP4Q2NQbaXY92W/cuSSQ/N94/4dJyJGDRw8sr/EX+xr0+vm7/zbwEGAAc7ldeFiLAmAAAAAElFTkSuQmCC\ hassend=\true\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbSearchDocs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchDocs\ tooltip=\gtbMultilineTooltip\ label=\Google Documenten\ fullText=\Google Documenten\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAfxJREFUeNqEU8tOFEEUPcXMIII6gisxkogkGk0gceUs3bHgB4wkfAD/IIlbl/yBBj/ApTEhIS5MXBAzhhiBlTIsZoQZm+7pqdf1VlV3T08YY3Vu30pVnXNPnaoSRIS8vW6CzhRwJkP0uD93BVi7Dazfh8jXCRG6DlvNB7cPQJK5tAWMyxwp95s9oMLzFQI9XwokDpiTTOQEkQaOv+3jYPc94iSBZLDKwqlppcC7IwzlZq0gcHK/f97F8dcvqHZb6JugYMDRVYGgTJJvvSA450X1Rw3MP1xBdOMOYiaIWZUj6rGcVn9IslNSUnjgZFYfNCCXgFMG/WHCCyaQ2uBXfIFuPIGalRwKkzrBUfsWbTXqQuRSnn0EObmpq8wRMUGfHTVawqoBrB74bFTIc5NAe/OxKBR0BmwYBYLEhMrWKAbKLGvOGpRFx+2vvIWODEeorYW1AUweJD0JcSbNY26c5y95kEieIMuTHMZwVr6S9SCZKZFeBUqnWRAYmWLqpIna+QmixaewlZqv5mVrlSlhY7jI2HtgZR/Xfuyh3mpiWbTZqDSYlxs4BjyqgAG9hSdYnJY4pBnvtjfMar8lXL6EowRXSSKaXcCe8yF2fphgFo0H3pyqjRJc//QG91Y3PMB9/yhYtN8f3vJ/GaL8nO++ePkf2LD93Hnln+NfAQYAumFzRInKlVsAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchGroups - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchGroups\ tooltip=\gtbMultilineTooltip\ label=\Google Discussiegroepen\ fullText=\Google Discussiegroepen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchImages - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchImages\ tooltip=\gtbMultilineTooltip\ label=\Google Afbeeldingen\ fullText=\Google Afbeeldingen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchLocal - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchLocal\ tooltip=\gtbMultilineTooltip\ label=\Google Maps\ fullText=\Google Maps\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchNews - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchNews\ tooltip=\gtbMultilineTooltip\ label=\Google Nieuws\ fullText=\Google Nieuws\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbGadgetButtonWithSeparateMenu\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchPhotos - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchPhotos\ tooltip=\gtbMultilineTooltip\ label=\Picasa Webalbums\ fullText=\Picasa Webalbums\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAt9JREFUeNpcU01ME0EU/rbdtvzTghWKFCPhRyQShaiRHz2YeECTwsnEgx48wQkTMJwkHIwHOaAXPBhvJkZjQAU5eCLBkyYmBYuJRiihECgtULptd2d3xzdbStCXvMzs5H0/782shCORTsXcnPMRnWkD+C90XR3nJh8tP167mzujWki5j0w63sM0dVLspcVvMKKbYEuL4P5a8NaLQFmZVSdB6vVW1k/9Q3AITnJoW8twvH4GlspAVzJglGrnNfh6KqHKzWCSVwB7K3yNU4LAlla23QLM4xyxl2vYeW9D6spdGDYZpm6CGyZJAQ4WROn+Y8j6CiRJmtyIhNxC3CZ6Fpv42wipaqSoIT5fAPN6H4yiEpjMADeJiG1AyiyhZHc4NwALZzMMfSC9kIQaI8tUbBiGRbL50wbnENX4TmRd6FHKCOxqEPLeG9hlhzVo2ZrBugLGmKVkUDH3SzgWqIBcXIjC4YfgUQIbnykZKUvQk6tAadaILAaRXlNIncE0qdk6O6punYTT6SSXpFxQgMIaP3gkH1wrBkw7SpxhJA5uzyYm5KhxkQMdyoV8fOlqIrDDAgvywzXtgZmspPRhR20lp3rWQWI/Aaffhc3LxRh1n4MzrOB2jUq0/ICAW60lHR2QmFPcADL5TTBT6SzBysofNJ85i/FYNULbHC0uDV9jQUyvzyFFA02Ssz2dIanRbbA8NLh8eFTRiuVwGLV1RBBc+IH6ugYMnOKYX8+jFlWE9sKYi4ag6AYSOhFoDEwjOVXCvfNXIUYlcB2d3bD19Q1J7yYn0e7leNW2g2pysE+gjYyKLVWlfrPgIjMPT1vuoLvxEj7OfILAWU9b9ChiYuIJ7w0E6G1zfN/+jee/ZrGqxFDl8KC9/DS6/W3wFnnwYXrGAlO9WLPvQMTBocUWuHkDL7rui9dm3YKqaaQ6e1h39C+VxVRzLhQl5RkcHNnNER0NARwbG3UfuEV//wPLwV8BBgAilqQLWMIqvAAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchScholar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchScholar\ tooltip=\gtbMultilineTooltip\ label=\Wetenschap\ fullText=\Wetenschap\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////4yMjP9OV1r/PktM/7W1tf////////////////////////////////////////////////////////////////8hJCj/ZL72/1Oezf9ra2v/////////////////////////////////////////////////////////////////SkpK/1Oi1f9Dhqz/lJSU/////////////////97e3v/39/f//////////////////////////////////////4yMjP9Lkrz/MmqM/+fn5////////////56Zl/+QQTD/bktF/8bHxv////////////////////////////////+cnJz/Q4a0/ylVa//Nzc3/kIyM/3dHPv/eXDn//2xC//9sQv+tTDH/hGRb/5eXl/+1tbX/3t7e////////////ra2t/0OGrP9LboT/lC8h/95UMf/3XDn//2xC//9sQv//bEL//2xC//dgOf/GRDH/czAh/5SUlP///////////97e3v9Afpj/X3mH/3ssGP/nUDH/91g5/7VMMf+cQCn/nDsp/61IKf/3WDH/71Ax/0oYEP/n5+f////////////39/f/GDhS/21vcv8wHxf/nDMh/5wzIf/eTDH//1Q5//9UOf/nTDH/pTch/4wrGP9EJh//////////////////jIyM/zFJWv9SLCn/zkQx//9UOf//VDn//1Q5//9UOf//VDn//1Q5//9UOf//VDn/pTMh/0w3Mf+xsLH//v7+/z4fF//GQCn/xkxC/71QSv+cREL/pURC/3swMf9rJBj/vUAp//9UOf//VDn//1Q5//9UOf//UDn/ShgQ/zAzMP/v7+//jIyM/2ZBN/+MKyH/70wx//9UOf//VDn/xkAp/85EMf//VDn//1Q5/95IMf97KBj/Nh8Y/4SGhP/n5+f/////////////////xsbG/1dVUv9wJx//xkAp//9QOf/GOyn/cyQY/1IzMP9zc3P/xsbG////////////////////////////////////////////5+fn/4SEhP82LCn/e3t7/97e3v//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchSite - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchSite\ tooltip=\gtbMultilineTooltip\ label=\Site doorzoeken\ fullText=\Site doorzoeken\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchVideo - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchVideo\ tooltip=\gtbMultilineTooltip\ label=\Google Video\ fullText=\Google Video\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAghJREFUeNpsksFrE0EUxr83M7ubpkK0tLYB9VArUolHvfUgvXn3Ih79Q/wL/AMURNSrQs8eBEF67E3sIbSUpralIDQsscnOjO/NzCZd6ZKXmd2d7zff93bIe4/tr8f+sF/i90GJvKXRe7QAbQhyfdsaYH93iLVeBxtPu+HZqKzw4fUu3n/fJPr8tu/zQoUX5bDCYL+EQNcedKaQnR9n2Ps1xK3VeTx+cjM8G/+1+PJuD3p9+cWrG4sFslxBQNoonByOcHo0wlK3BaUJ3TvtAO//PMf5nzFu370W1t172AE9v//Ri7g9b1BfsngydijmNObaevr8ZDAK7hYWWxw1ujbLvdWwuxG7RHDWoc3iauK5XCiBTXgsVuL87ILHIb/juZEFznlMSACA57nc20rKwVq+ryu986kcuzFC1JyTYr/YIuJCFohYNqgh9j8Q+Bcd2CZActYCcVKJEx5d1QQpRdGBUhKfmoDaRTWDXAbJuoy/2hUA34hxGRJANkaSMxKaL52k8EVijBowbaaNO4Z+iAP+OnI25MTm0YFlQNxd/n0dw/mmi+REcou44DJZikDpE14JSBDvEGznRRRnWTpI7oLzKhfVwKwPLkIEJhGlYSIOtpMYrDVHfgvr158F0QwQR4mmpUxdKkSQzTS73j7+BBJhb+XlTJ2aQampYc4TcUFoXjsHb+ifAAMAoBeO3DWt6ZQAAAAASUVORK5CYII=\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbSearchWebhistory - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchWebhistory\ tooltip=\gtbMultilineTooltip\ label=\Webgeschiedenis\ fullText=\Webgeschiedenis\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml\ tooltip=\gtbMultilineTooltip\ label=\Gmail\ fullText=\Gmail\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg42v84ONr/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/ODja/zg42v84ONr/ODja/+Li////////////////////////////////////////////////////////4uL//zg42v84ONr/ODja/zg42v+np/n/4uL/////////////////////////////////////////////4uL//6en+f84ONr/ODja/zg42v84ONr/4uL//6en+f/i4v////////////+BgfL/gYHy////////////4uL//6en+f/i4v//ODja/zg42v84ONr/ODja///////i4v//p6f5/7a2//+BgfL/Wlrp/1pa6f+BgfL/trb//6en+f/i4v///////zg42v84ONr/ODja/zg42v///////////7a2//+BgfL/Wlrp/zg42v84ONr/Wlrp/4GB8v+2tv////////////84ONr/ODja/zg42v84ONr///////////+BgfL/Wlrp/zg42v+2tv//trb//zg42v9aWun/gYHy////////////ODja/zg42v84ONr/ODja//////+BgfL/Wlrp/zg42v+2tv////////////+2tv//ODja/1pa6f+BgfL//////zg42v84ONr/ODja/zg42v+BgfL/Wlrp/zg42v+2tv///////////////////////7a2//84ONr/Wlrp/4GB8v84ONr/ODja/zg42v84ONr/ODja/zg42v+2tv//////////////////////////////////trb//zg42v84ONr/ODja/zg42v84ONr/ODja/zg42v+BgfL/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+BgfL/ODja/zg42v84ONr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAA//8AAA==\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml\ tooltip=\gtbMultilineTooltip\ label=\Knoppenlijstj\ fullText=\Knoppenlijstj\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAcNJREFUeNpsU7tOAzEQXF8uCgLCQ+IHkICa74ACISEaOh4SNeIXqGmgA0o+AAlqhBDiG6CkoQHEI+Tu/FhmbcdJjlia2+TsnZ0d7ykaWMzs49Y98XtFJHgDPiqmtw2lZE+FkM5ngwSyuf9IbMBje8B7B7QvuzyY3FtZ/UWB02UECpNGdM5JORq1Mq5tdAxR1waiArGSXBAwWxrVbi6P3QdmqfiLMz8m4DcSVVYkGGJraezslZ0uyOnSd+wfm3fg5lBJEoTkG8nfmugLZmitkV8iqfKJnsD/Bw6XVS5O29hrEVV0ogpjLCqbCI1WEJ0NYBdakGtyQsDBOFHRRWULyc5UHmz0MAl+90xNBCaqMJIoFaxI1yFGJDXOJTPz6aajT5A0ieGopR9fuS/bJ0NFA5XHc4eZQKU8o5lWHq6xON2jSSqprQqgosyWwSSPfgsZa5oGwUwrJDevjsPwyX0ure6kYXhZPwomeakmSDdBzcLtSZL+dH2u0hz07lQWromT07Fn55Jp/2Y5q8/3/ATTbG5pKjM01UBsMs2NNWhhtjV0DqppJOPiyjabtQOqj3jsWT3fXAyNsxo134Oe1Huuf85/AgwABNSAmdF/QsEAAAAASUVORK5CYII=\ type=\menu\ class=\gtb-custombutton gtbHelperIcon gtbWholeMenuGadgetButton\/> FF - user.js: google.toolbar.button_option.cached.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml\ tooltip=\gtbMultilineTooltip\ label=\Google Earth\ fullText=\Google Earth\ image=\data:image/x-icon;base64,R0lGODlhEAAQAPfDAA40ViRReM7q/c7h8hA6XxM/ZjpUbDpVbgUrTB88VqSuuBJNgQw5YRVOgS+BwlNpfQ8yUhhJdRxMdgkvUqy7ytHd59Xe5Nfe5UZjfiZoojlad0FhfvD095umsSNln32SpU9meytzsCJzummCmCZmnUqp7CBWh7S+x6S+1RY8X3SJm0FedzqGxp2tupams2d5iRYzTRRYlD6V1i54uKSwuxw7V2F1hkRbb4merx5SgImaqU1tih08WV638vv7/Mzd66i1wZKjsiJAWwcpRwc3YwAkSDJijEODvG+ZvszU3AYqSqS1xNHo94Cqzm6p2hpFbDuX2yiByV1/nVN0kVOGsmOBmwYpSCJai2at41mv6nWv4B1ioSRnoqvM6O/y9dzs+dzi6DRcfjWS1xMzUCdqpVBpgCpyrypspn6QnxVQhg8zVF6HrIOVpTxbdx5RfWqJpqu8zC+CxCVkm/Hz9Qo0WSZWgRQ6Wyt5uziR05mxxz1cdx9dlTJzrk5pgDWFyh5Jb5Souc3b5vn6+3ms2TZXdFt3j4mZp0qBswErUFam4aazvoGmxdDb5GuBlR5vt4+hsGCUwiNglhI/aS9kk3mRpp650B1OelBofaexvPX4/JilsGeIpEVccFd+oZ2uvofM9hhBZR5VhxhQgqvA0tHZ36G91wsqR/z8/C9/wCZtrGyFmwsqRihspxE5XKne/TthgqOzwaa0waKywdDi8wkrSltugTVfhHqYtBdQhOfs70llfXKGl+34/pajryx2tT9ffS58vBIvSf///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAMMALAAAAAAQABAAAAj8AIcJFDjq1psqqoAMXDgMxZZUkEoFshBrhSKGSI4McuLH0Zk1jASpQDOwUpNMwoR90SIihhsKwnbREEhlFhNeKYV14bPgTxIfBoblOcQi0SdXAlL+mESE0JwTmDp5uCMjS48SWAYIqxAGkS5DNupEMhMHDxQxUWYs4pBLQxFanAKYIBECmANUvriksSWLVCMhN6ZEaLAnAysycq5YKkCnjY4HtQC92mREFK5QOSQ8AZVCjZVVCobtEOYFjpQAkhgQaAUAwphgAnF4SnnqwhJKhTD0OQCjw8ARsMBs+PWhRRA2lxK8YPhIjx0AExAoGWJKE8OBLsrwqAGiF8OAADs=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.gtbAutoFill - true FF - user.js: google.toolbar.button_option.gtbBookmarks - true FF - user.js: google.toolbar.button_option.gtbSearchBookmarks - true FF - user.js: google.toolbar.button_option.gtbSearchGoogle - true FF - user.js: google.toolbar.button_option.gtbSidewiki - false FF - user.js: google.toolbar.button_option.gtbSpellCheck - false FF - user.js: google.toolbar.button_option.gtbTranslate - true FF - user.js: google.toolbar.button_option.gtbTranslateMenu - false FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - true FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml.feedUpdate - 1339045199 FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - true FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml.feedUpdate - 1339054058 FF - user.js: google.toolbar.button_option.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - true FF - user.js: google.toolbar.component.bundled.dictionaries_config.json - 7.1.20110512 FF - user.js: google.toolbar.component.bundled.share_providers.json - 7.1.20110512 FF - user.js: google.toolbar.component.bundled.suggest_window.html - 7.1.20110512 FF - user.js: google.toolbar.custombuttons.list - gtbSearchImages,gtbCountrySearch,gtbSearchLocal,gtbSearchSite,gtbSearchNews,gtbSearchVideo,gtbSearchWebhistory,gtbFeelingLucky,gtbSearchGroups,gtbSearchBlogs,gtbSearchBooks,gtbSearchCalendar,gtbSearchDocs,gtbSearchPhotos,gtbSearchScholar,gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml,gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml,gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml FF - user.js: google.toolbar.custombuttons.migrated - true FF - user.js: google.toolbar.custombuttons.order.migrated.to.v6 - false FF - user.js: google.toolbar.custombuttons.version - 1 FF - user.js: google.toolbar.done_page_shown - AU_3.1.20081010 FF - user.js: google.toolbar.enhanced_features.week - -1 FF - user.js: google.toolbar.firstrun.done - true FF - user.js: google.toolbar.google_home - www.google.nl FF - user.js: google.toolbar.google_home.default - www.google.nl FF - user.js: google.toolbar.install_id - qeoEXlA1Y819UJ5vx9pOZH7VzwuiGy5koK1eMpyEoHPs FF - user.js: google.toolbar.install_ping_acked - true FF - user.js: google.toolbar.last_ping_attempt - 1338967666101 FF - user.js: google.toolbar.never_show_done_page - false FF - user.js: google.toolbar.opted_into_advanced_features_1 - true FF - user.js: google.toolbar.rlz - 1B3GGGL_nlNL247NL255 FF - user.js: google.toolbar.safebrowsing.keyupdatetime - 1339130996 FF - user.js: google.toolbar.search-icon - data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97h0f9JeBz/NHoA/z98Av9AfAD/PHsA/0F6AP8AAAAA/vz7/1+33/8Mp+z/FrHw/xWy8f8bs/T/Hqrx/3zE7v////7/t8qp/zF2A/87gwH/P4ID/z59AP8+egD/Q3kA/97s8v8botj/ELn3/wy58f8PtfL/D7Lw/xuz9P8vq+f/8/n///779v9KhR3/OYYA/0GFAv88hgD/QIAC/z17AP/0+/j/N6bM/wC07/8Cxf7/CsP7/wm+9v8Aqur/SrDb//7+/v///P7/VZEl/zSJAP87jQD/PYYA/0OBBf8+fQH///3//9Dp8/84sM7/CrDf/wC14/8CruL/KqnW/9ns8f/8/v//4OjX/z+GDf85kAD/PIwD/z2JAv8+hQD/PoEA/9C7pv/97uv////+/9Xw+v+w3ej/ls/e/+rz9///////+/z6/22mSf8qjQH/OJMA/zuQAP85iwL/PIgA/zyFAP+OSSL/nV44/7J+Vv/AkG7/7trP//7//f/9//7/6/Lr/2uoRv8tjQH/PJYA/zuTAP87kwD/PY8A/z2KAP89hAD/olkn/6RVHP+eSgj/mEgR//Ho3//+/v7/5Ozh/1GaJv8tlAD/OZcC/zuXAv84lAD/O5IC/z2PAf89iwL/OIkA/6hWFf+cTxD/pm9C/76ihP/8/v//+////8nav/8fdwL/NZsA/zeZAP83mgD/PJQB/zyUAf84jwD/PYsB/z6HAf+fXif/1r6s//79///58u//3r+g/+3i2v/+//3/mbiF/yyCAP87mgP/OpgD/zeWAP85lgD/OpEB/z+TAP9ChwH/7eHb/////v/28ej/tWwo/7tUAP+5XQ7/5M+5/////v+bsZn/IHAd/zeVAP89lgP/O5MA/zaJCf8tZTr/DyuK//3////9////0qmC/7lTAP/KZAT/vVgC/8iQWf/+//3///j//ygpx/8GGcL/ESax/xEgtv8FEMz/AALh/wAB1f///f7///z//758O//GXQL/yGYC/8RaAv/Ojlf/+/////////9QU93/BAD0/wAB//8DAP3/AAHz/wAA5f8DAtr///////v7+/+2bCT/yGMA/89mAP/BWQD/0q+D///+/////P7/Rkbg/wEA+f8AA/z/AQH5/wMA8P8AAev/AADf///7/P////7/uINQ/7lXAP/MYwL/vGIO//Lm3P/8/v//1dT2/woM5/8AAP3/AwH+/wAB/f8AAfb/BADs/wAC4P8AAAAA//z7/+LbzP+mXyD/oUwE/9Gshv/8//3/7/H5/zo/w/8AAdX/AgL6/wAA/f8CAP3/AAH2/wAA7v8AAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAA== FF - user.js: google.toolbar.searchdomaincheck.done - true FF - user.js: google.toolbar.spell_check.dictionary.words2 - FF - user.js: google.toolbar.spell_check.lang - nl FF - user.js: google.toolbar.spell_check.last_lang - nl FF - user.js: google.toolbar.translate.target_lang - nl FF - user.js: google.toolbar.translate.updateFlag - true FF - user.js: google.toolbar.usage_stats.default - false FF - user.js: intl.accept_languages - nl FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, ISO-8859-9, UTF-8, ISO-8859-15 FF - user.js: metrics.event-count - 0 FF - user.js: microsoft.CLR.auto_install - false FF - user.js: network.cookie.prefsMigrated - true FF - user.js: network.http.proxy.version - 1.0 FF - user.js: pref.advanced.javascript.disable_button.advanced - false FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false FF - user.js: pref.browser.homepage.disable_button.current_page - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: spellchecker.dictionary - nl FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1339166194 FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.62997 FF - user.js: urlclassifier.tableversion.goog-black-url - 1.25401 FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.493 FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-23 15:21 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe???????@?`??????w???w???????w???w;??w?r@????? ???????????????d???????????????????????4????????$?w???????????sI??s???s@????????????a?wx??st???????B-?s???????????????s???s?????n?w????Y??sL;??D??s??@??4@?X;????????? LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????\??? ??|h??|????a??|Nj?w?j?w????????0??? ???????????????d??????|????????p????u@????????????????s???????s???sx??s@?????????????}|h??st??????????s?????????????????C?sc"?sx??s??????:~??@?N'?s?;???4@? ;????????? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver] "ImagePath"="\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\SecuROM\License information*] "datasecu"=hex:02,bd,4e,ee,17,04,52,9b,f9,e0,34,2e,47,f2,ac,2b,be,74,fc,78,f1, 0f,68,25,1f,74,40,11,98,ab,a4,9b,a0,e2,aa,62,4b,e1,0d,6a,c8,ae,af,6e,45,70,\ "rkeysecu"=hex:67,68,7a,37,96,63,29,84,de,3d,d0,37,0e,0f,6d,63 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(1516) c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Browser MOUSE\MOUDL32A.DLL . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\PRISMSTA.EXE c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Voltooingstijd: 2012-06-23 15:32:23 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-23 13:32 ComboFix2.txt 2012-06-23 11:36 . Pre-Run: 5.903.589.376 bytes beschikbaar Post-Run: 5.891.608.576 bytes beschikbaar . - - End Of File - - C8FAFD7A9CCA32FEF51D0322B87D6F65

het lijkt vooralsnog dat hij een heel stuk sneller is (heb 2 webpaginas bekeken binnen 10seconde!!!). ComboFix 12-06-23.05 - Adrie 23-06-2012 12:58:43.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.468 [GMT 2:00] Gestart vanuit: c:\documents and settings\Adrie\Bureaublad\ComboFix.exe AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . ADS - system32: deleted 12 bytes in 1 streams. . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Adrie\Application Data\ACD Systems\ACDSee\ImageDB.ddf c:\documents and settings\Adrie\Application Data\inst.exe c:\documents and settings\Adrie\Application Data\SQLite3.dll c:\documents and settings\Adrie\Application Data\vso_ts_preview.xml c:\documents and settings\Adrie\WINDOWS c:\documents and settings\All Users\Application Data\TEMP C:\Documents C:\option.ini c:\windows\CRES1100.EXE c:\windows\help\wmplayer.bak c:\windows\IsUn0413.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SwSys1.bmp c:\windows\SwSys2.bmp c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\dllcache\wmpvis.dll c:\windows\system32\install c:\windows\system32\SET5C.tmp c:\windows\system32\SET61.tmp c:\windows\system32\SET68.tmp c:\windows\system32\SET71.tmp c:\windows\system32\SET72.tmp c:\windows\system32\SET73.tmp c:\windows\system32\SET76.tmp c:\windows\system32\Thumbs.db c:\windows\unin0407.exe c:\windows\unin0413.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_FCI -------\Legacy_ICF -------\Legacy_ILVMONEYDRIVER53 -------\Legacy_WINRING0_1_0_1 -------\Service_IlvMoneyDRIVER53 -------\Service_WinRing0_1_0_1 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))) . . 2012-06-23 10:34 . 2012-06-23 10:34 -------- d-----w- c:\documents and settings\All Users\Favorieten 2012-06-22 13:36 . 2012-06-22 13:36 1409 ----a-w- c:\windows\QTFont.for 2012-06-22 12:59 . 2012-06-22 12:59 388096 ----a-r- c:\documents and settings\Adrie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-22 12:59 . 2012-06-22 12:59 -------- d-----w- c:\program files\Trend Micro 2012-06-20 14:31 . 2012-06-20 14:31 -------- d--h--r- c:\documents and settings\Adrie\Onlangs geopend 2012-06-09 11:29 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2012-06-09 11:26 . 2012-06-09 11:27 -------- d-----w- c:\program files\Defraggler 2012-06-09 11:24 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\Adrie\Local Settings\Application Data\Temp 2012-06-08 19:30 . 2012-06-08 19:30 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Search 2012-06-08 11:19 . 2012-06-08 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2012-06-08 11:18 . 2012-06-08 18:40 -------- d-----w- c:\documents and settings\Adrie\Application Data\IObit 2012-05-31 07:20 . 2012-05-31 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-25 10:29 . 2012-05-25 10:29 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Desktop Search 2012-05-25 10:28 . 2012-05-25 10:28 -------- d-----w- c:\program files\Windows Desktop Search 2012-05-25 10:25 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll 2012-05-25 10:25 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll 2012-05-25 10:25 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-17 09:17 . 2009-10-07 10:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-05-31 13:22 . 2003-12-29 16:10 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-31 07:20 . 2011-05-20 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-22 17:05 . 2012-05-22 15:39 14664 ----a-w- c:\windows\stinger.sys 2012-05-22 15:54 . 2012-05-22 15:54 159608 ----a-w- c:\windows\system32\mfevtps.exe.c775.deleteme 2012-05-22 15:38 . 2012-05-22 15:38 159608 ----a-w- c:\windows\system32\mfevtps.exe.55ec.deleteme 2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2002-09-09 13:17 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-12-28 22:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 13:56 . 2010-08-12 11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRISMSTA.EXE"="PRISMSTA.EXE START" [X] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-10-03 40960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-09-12 65536] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2006-12-13 360448] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2003-05-12 32768] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360] "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-03-28 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 54784] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKLM\~\startupfolder\C:^Documents and Settings^Adrie^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] backup=c:\windows\pss\Google Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ImageFox.lnk] backup=c:\windows\pss\ImageFox.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk] backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk] backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^REALTEK RTL8187 Wireless LAN Utility.lnk] backup=c:\windows\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^UltraMon.lnk] backup=c:\windows\pss\UltraMon.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSEMOUSE2] 2006-12-13 14:48 550400 ----a-w- c:\program files\Browser MOUSE\R2M.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 16:34 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-02-16 14:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2003-05-12 13:28 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2003-06-25 09:53 204800 ----a-w- c:\program files\Launch Manager\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 15:54 127022 -c--a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-03-09 13:29 7561216 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-03-09 13:29 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-03-09 13:29 1519616 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2004-01-29 17:12 57344 ----a-w- c:\program files\Home Cinema\PowerCinema\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] 2003-11-10 15:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\powerman] 2003-12-23 19:48 126976 ----a-w- c:\windows\system32\powerman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-03-28 21:37 413696 ----a-w- c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-09-29 14:00 155648 -c--a-w- c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2003-11-20 15:18 499712 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] 2003-11-20 15:19 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-02-07 10:00 90112 -c--a-w- c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"= "c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\msmsgs.exe"= "h:\\program files\\redalert3\\Data\\ra3_1.0.game"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9068:TCP"= 9068:TCP:BitComet 9068 TCP "9068:UDP"= 9068:UDP:BitComet 9068 UDP "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6-1-2008 13:16 715248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 8:23 108792] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6-12-2007 22:03 660768] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-7-2011 15:45 38144] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11-9-2009 8:24 735960] R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 19:29 53248] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23-12-2008 17:35 50704] R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14-9-2008 17:32 10496] R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [16-10-2003 2:15 364320] S1 mailKmd;mailKmd; [x] S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [30-12-2006 20:45 15104] S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 19:27 77824] S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 19:41 77824] S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [27-5-2009 14:53 223232] S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [9-7-2009 12:51 7888] S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt --> k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4-9-2009 18:56 1527900] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4-9-2008 19:32 47360] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6-7-2011 15:45 332928] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [4-1-2009 18:08 98488] S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [25-3-2011 15:42 384752] S3 XDva031;XDva031;\??\c:\windows\System32\XDva031.sys --> c:\windows\System32\XDva031.sys [?] S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?] S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?] . Inhoud van de 'Gedeelde Taken' map . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append Link Target to Existing PDF IE: Download All Files by HiDownload IE: Download by HiDownload DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Adrie\Application Data\Mozilla\Firefox\Profiles\x7qbfdgj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */ FF - user.js: accessibility.typeaheadfind.flashBar - 0 FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1339045178 FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1338454994 FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1225570569 FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1339045179 FF - user.js: browser.anchor_color - #0000FF FF - user.js: browser.display.background_color - #C0C0C0 FF - user.js: browser.display.use_system_colors - true FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\Adrie\\Mijn documenten\\Mijn afbeeldingen FF - user.js: browser.download.manager.alertOnEXEOpen - true FF - user.js: browser.download.save_converter_index - 0 FF - user.js: browser.fixup.alternate.enabled - false FF - user.js: browser.history_expire_days - 20 FF - user.js: browser.migration.version - 1 FF - user.js: browser.places.importBookmarksHTML - false FF - user.js: browser.places.importDefaults - false FF - user.js: browser.places.leftPaneFolderId - -1 FF - user.js: browser.places.migratePostDataAnnotations - false FF - user.js: browser.places.smartBookmarksVersion - 1 FF - user.js: browser.places.updateRecentTagsUri - false FF - user.js: browser.preferences.advanced.selectedTabIndex - 0 FF - user.js: browser.rights.3.shown - true FF - user.js: browser.search.defaultenginename - Google FF - user.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: browser.startup.homepage - hxxp://www.startpagina.nl FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.0.14 FF - user.js: browser.visited_color - #800080 FF - user.js: distribution.google-cjk.bookmarksProcessed - true FF - user.js: extensions.enabledItems - {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - user.js: extensions.lastAppVersion - 3.0.14 FF - user.js: extensions.mozilla.metrics.event-count - 0 FF - user.js: extensions.update.notifyUser - false FF - user.js: flashgot.custom.Retriever.maxLinks - 10 FF - user.js: flashgot.defaultDM - BitComet FF - user.js: flashgot.detect.cache - (Interne downloadbeheerder),HiDownload,BitComet FF - user.js: flashgot.dmchoice - false FF - user.js: flashgot.version - 1.1.8.7 FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729) FF - user.js: google.toolbar.auto_page_translate.rules.blacklist - nl FF - user.js: google.toolbar.auto_page_translate.rules.whitelist - FF - user.js: google.toolbar.button_option.cached.gtbCountrySearch - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbCountrySearch\ tooltip=\gtbMultilineTooltip\ label=\Nederland\ fullText=\Nederland\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbFeelingLucky - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbFeelingLucky\ tooltip=\gtbMultilineTooltip\ label=\Ik doe een gok\ fullText=\Ik doe een gok\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchBlogs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBlogs\ tooltip=\gtbMultilineTooltip\ label=\Zoeken in blogs met Google\ fullText=\Zoeken in blogs met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAYBJREFUeNqUkjtOA0EMhr1LRDYUtCCliKiQ4AB0CIkLQIkENHCgiAMgIeAAiANQ86iQoEcUqSkSsrvjMX7MLLME8bBi2Zkdf/49MxkRwcndMU0QYeLYMXH97yH9Ng756PAmA7Z8eHtEpfdQewIkc07NQSKZg0X+cQaweLopATpClaKKKyry4Dh3lMJmgaKaFBMA8rFmFaKkUjWmyPk2DIMS5P1o9QLwSnVBQYUJiMRJYwS5ZFQDODRA8CpRImNFNRKjItcCoAGwAVAzTonfQHSfqVbAmBUQRABwFyuKSspUUVAosHAEpkBOFQGaGWvdLOdBbUBy3dE6ktpVQjNGPNB0lAiSNbEizzVm+f4a7e6t6gMZTafwVjuFSKflogvzeWY3odfqG+mP16+A509ZJvLnDtZ1fWNnwJBSFfR7BdxfvYD0kZ72Aj+l08WzPmUFRFu53KZ3ljtY6MEDF0sH+MXyrwv9XvfPxTO2dLZFciYU3jvnP+5P1ZucfxRHwIcAAwAX2fYcgJ+EGwAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchBooks - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBooks\ tooltip=\gtbMultilineTooltip\ label=\Zoeken naar boeken met Google\ fullText=\Zoeken naar boeken met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAiNJREFUeNp0kztvE0EUhc/Ya5uEFCsiiJQiwjJIiAaLAkSFRUPrAgpqfgBQUSL/gkBBDRJFCpB4SBFNikAVCRE5giISTmQkjCP8iNfG6915MjO7fuKMdKTdO3O/e+beXXJzSxXWs/U8gAda57VKWk+v5lY7mFi7B7/N3hOt4iBkL299WHsfPMY20QB1xhG4d7aDC6fo8LxJfmZA8ftDU4AL6W5WM3jxLYUjL0BYWiGO2W3zJJ7Xl5HLUNx2e7i4SN242hWtgpTK/dpI4tX+Asq1EIzqQioiO8OSSgf2+2l895ZxbWmAG66PS0u0uNdO4u2hg51fCjTwIQVGyRYgRPQuJWCeOQc+Nxew8amOQesYK+kuFnOXIZiwRZScykeCMWhLWiySAXANCrwuglYDYevIwodSk9nGAWVR0EiYQyICKGNHMhDJpwByHsB4MhvDQyYXgoMIaiE2Fmt2OSxuqJoBKE5BeADi0Cgu/rc/vkIMUEOAqcRDENbXgMAC51WfuoKauQaoD0J7IKnIwUnLCX3dKCc1auQY0Eci9EAyBGpepm6uHWN752PHr/20I6TxKBmPHUg2t6r0/oAe7Np/JaGblfV/fCn9LW+BHjfsCE+yrPwuWHUPvF4p6SllTYyMdu+8Nn/besJdLTpreSTLG0CzgnNuGvL6fdQqh5C95jt95hHe3K1Gn7+aAIxBBQvig7y5ZzqVQEBOl+PE7SlHGvBPgAEAhIhYJbvKryMAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchCalendar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchCalendar\ tooltip=\gtbMultilineTooltip\ label=\Google Agenda\ fullText=\Google Agenda\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAldJREFUeNp8U01oU0EQ/t4zeU00iWLxr2nFXlSohyCkrTcv6kH0VAVPiiBeBfHmoUfBn4NHEQTxZKugN0FQNFiEgBfbElQkmor2x6bv2TQvb3fH2d2X0ODPwDCbt/N9M9/sxCEipK4pgpIgdsiIXYBky5xJcBQhR+uImiB2df+YAzbXgElBfXsLURqH+l4Gf4Ax0tE6LVdAlQeglQ/myjnzxCS5ujKUwoa5F1CLM5xQhSbUboiYRHeJxg9QUIW39tkSky2SMG1zcqZ4Ef37D+JnuoAgVIbUkJO9zw2OonfPdiyG29DyQ1tEExjNXCmQPfCTh4CWYCDPQAPj7nQMGoAv8ka/BVObQMStKgz1ClwoNJHPCLypEm6VWAaTjfYrDPc5mHynUFtSdtgdCXraZmAKp/f+wtHdLdQbLVwa8fCFk7NJhauHHUjpYuojobYgbGexuUYCPxVxvPEqwsjtOm5yVJyUz0hMfQowUa7zb9sNccdt/bYD/c7xtH1KoHo5Z6au/dl0gJl5F5PTCZw4oCyYSdYbdxB2LcqpO1XcLS2ZiueKPXaZ2IWUJra1dwgoCjvbdmQwgu/uwMRsmjUr7Mooc0ci4lnrTe0GxxLC+EUUzhaSGB5wjURd8d7rBT7omTlQ9CfYbKR7/iW11za/cRXFnWvIplw8n13FXCNnNGc9iX2b66isbOElcztgejjmJBB6INc3BLW6g9pyyr6z2sTfIpOoQeX5rd2VKW0l9PmP4Q2NQbaXY92W/cuSSQ/N94/4dJyJGDRw8sr/EX+xr0+vm7/zbwEGAAc7ldeFiLAmAAAAAElFTkSuQmCC\ hassend=\true\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbSearchDocs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchDocs\ tooltip=\gtbMultilineTooltip\ label=\Google Documenten\ fullText=\Google Documenten\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAfxJREFUeNqEU8tOFEEUPcXMIII6gisxkogkGk0gceUs3bHgB4wkfAD/IIlbl/yBBj/ApTEhIS5MXBAzhhiBlTIsZoQZm+7pqdf1VlV3T08YY3Vu30pVnXNPnaoSRIS8vW6CzhRwJkP0uD93BVi7Dazfh8jXCRG6DlvNB7cPQJK5tAWMyxwp95s9oMLzFQI9XwokDpiTTOQEkQaOv+3jYPc94iSBZLDKwqlppcC7IwzlZq0gcHK/f97F8dcvqHZb6JugYMDRVYGgTJJvvSA450X1Rw3MP1xBdOMOYiaIWZUj6rGcVn9IslNSUnjgZFYfNCCXgFMG/WHCCyaQ2uBXfIFuPIGalRwKkzrBUfsWbTXqQuRSnn0EObmpq8wRMUGfHTVawqoBrB74bFTIc5NAe/OxKBR0BmwYBYLEhMrWKAbKLGvOGpRFx+2vvIWODEeorYW1AUweJD0JcSbNY26c5y95kEieIMuTHMZwVr6S9SCZKZFeBUqnWRAYmWLqpIna+QmixaewlZqv5mVrlSlhY7jI2HtgZR/Xfuyh3mpiWbTZqDSYlxs4BjyqgAG9hSdYnJY4pBnvtjfMar8lXL6EowRXSSKaXcCe8yF2fphgFo0H3pyqjRJc//QG91Y3PMB9/yhYtN8f3vJ/GaL8nO++ePkf2LD93Hnln+NfAQYAumFzRInKlVsAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchGroups - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchGroups\ tooltip=\gtbMultilineTooltip\ label=\Google Discussiegroepen\ fullText=\Google Discussiegroepen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchImages - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchImages\ tooltip=\gtbMultilineTooltip\ label=\Google Afbeeldingen\ fullText=\Google Afbeeldingen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchLocal - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchLocal\ tooltip=\gtbMultilineTooltip\ label=\Google Maps\ fullText=\Google Maps\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchNews - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchNews\ tooltip=\gtbMultilineTooltip\ label=\Google Nieuws\ fullText=\Google Nieuws\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbGadgetButtonWithSeparateMenu\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchPhotos - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchPhotos\ tooltip=\gtbMultilineTooltip\ label=\Picasa Webalbums\ fullText=\Picasa Webalbums\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAt9JREFUeNpcU01ME0EU/rbdtvzTghWKFCPhRyQShaiRHz2YeECTwsnEgx48wQkTMJwkHIwHOaAXPBhvJkZjQAU5eCLBkyYmBYuJRiihECgtULptd2d3xzdbStCXvMzs5H0/782shCORTsXcnPMRnWkD+C90XR3nJh8tP167mzujWki5j0w63sM0dVLspcVvMKKbYEuL4P5a8NaLQFmZVSdB6vVW1k/9Q3AITnJoW8twvH4GlspAVzJglGrnNfh6KqHKzWCSVwB7K3yNU4LAlla23QLM4xyxl2vYeW9D6spdGDYZpm6CGyZJAQ4WROn+Y8j6CiRJmtyIhNxC3CZ6Fpv42wipaqSoIT5fAPN6H4yiEpjMADeJiG1AyiyhZHc4NwALZzMMfSC9kIQaI8tUbBiGRbL50wbnENX4TmRd6FHKCOxqEPLeG9hlhzVo2ZrBugLGmKVkUDH3SzgWqIBcXIjC4YfgUQIbnykZKUvQk6tAadaILAaRXlNIncE0qdk6O6punYTT6SSXpFxQgMIaP3gkH1wrBkw7SpxhJA5uzyYm5KhxkQMdyoV8fOlqIrDDAgvywzXtgZmspPRhR20lp3rWQWI/Aaffhc3LxRh1n4MzrOB2jUq0/ICAW60lHR2QmFPcADL5TTBT6SzBysofNJ85i/FYNULbHC0uDV9jQUyvzyFFA02Ssz2dIanRbbA8NLh8eFTRiuVwGLV1RBBc+IH6ugYMnOKYX8+jFlWE9sKYi4ag6AYSOhFoDEwjOVXCvfNXIUYlcB2d3bD19Q1J7yYn0e7leNW2g2pysE+gjYyKLVWlfrPgIjMPT1vuoLvxEj7OfILAWU9b9ChiYuIJ7w0E6G1zfN/+jee/ZrGqxFDl8KC9/DS6/W3wFnnwYXrGAlO9WLPvQMTBocUWuHkDL7rui9dm3YKqaaQ6e1h39C+VxVRzLhQl5RkcHNnNER0NARwbG3UfuEV//wPLwV8BBgAilqQLWMIqvAAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchScholar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchScholar\ tooltip=\gtbMultilineTooltip\ label=\Wetenschap\ fullText=\Wetenschap\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////4yMjP9OV1r/PktM/7W1tf////////////////////////////////////////////////////////////////8hJCj/ZL72/1Oezf9ra2v/////////////////////////////////////////////////////////////////SkpK/1Oi1f9Dhqz/lJSU/////////////////97e3v/39/f//////////////////////////////////////4yMjP9Lkrz/MmqM/+fn5////////////56Zl/+QQTD/bktF/8bHxv////////////////////////////////+cnJz/Q4a0/ylVa//Nzc3/kIyM/3dHPv/eXDn//2xC//9sQv+tTDH/hGRb/5eXl/+1tbX/3t7e////////////ra2t/0OGrP9LboT/lC8h/95UMf/3XDn//2xC//9sQv//bEL//2xC//dgOf/GRDH/czAh/5SUlP///////////97e3v9Afpj/X3mH/3ssGP/nUDH/91g5/7VMMf+cQCn/nDsp/61IKf/3WDH/71Ax/0oYEP/n5+f////////////39/f/GDhS/21vcv8wHxf/nDMh/5wzIf/eTDH//1Q5//9UOf/nTDH/pTch/4wrGP9EJh//////////////////jIyM/zFJWv9SLCn/zkQx//9UOf//VDn//1Q5//9UOf//VDn//1Q5//9UOf//VDn/pTMh/0w3Mf+xsLH//v7+/z4fF//GQCn/xkxC/71QSv+cREL/pURC/3swMf9rJBj/vUAp//9UOf//VDn//1Q5//9UOf//UDn/ShgQ/zAzMP/v7+//jIyM/2ZBN/+MKyH/70wx//9UOf//VDn/xkAp/85EMf//VDn//1Q5/95IMf97KBj/Nh8Y/4SGhP/n5+f/////////////////xsbG/1dVUv9wJx//xkAp//9QOf/GOyn/cyQY/1IzMP9zc3P/xsbG////////////////////////////////////////////5+fn/4SEhP82LCn/e3t7/97e3v//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchSite - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchSite\ tooltip=\gtbMultilineTooltip\ label=\Site doorzoeken\ fullText=\Site doorzoeken\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbSearchVideo - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchVideo\ tooltip=\gtbMultilineTooltip\ label=\Google Video\ fullText=\Google Video\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAghJREFUeNpsksFrE0EUxr83M7ubpkK0tLYB9VArUolHvfUgvXn3Ih79Q/wL/AMURNSrQs8eBEF67E3sIbSUpralIDQsscnOjO/NzCZd6ZKXmd2d7zff93bIe4/tr8f+sF/i90GJvKXRe7QAbQhyfdsaYH93iLVeBxtPu+HZqKzw4fUu3n/fJPr8tu/zQoUX5bDCYL+EQNcedKaQnR9n2Ps1xK3VeTx+cjM8G/+1+PJuD3p9+cWrG4sFslxBQNoonByOcHo0wlK3BaUJ3TvtAO//PMf5nzFu370W1t172AE9v//Ri7g9b1BfsngydijmNObaevr8ZDAK7hYWWxw1ujbLvdWwuxG7RHDWoc3iauK5XCiBTXgsVuL87ILHIb/juZEFznlMSACA57nc20rKwVq+ryu986kcuzFC1JyTYr/YIuJCFohYNqgh9j8Q+Bcd2CZActYCcVKJEx5d1QQpRdGBUhKfmoDaRTWDXAbJuoy/2hUA34hxGRJANkaSMxKaL52k8EVijBowbaaNO4Z+iAP+OnI25MTm0YFlQNxd/n0dw/mmi+REcou44DJZikDpE14JSBDvEGznRRRnWTpI7oLzKhfVwKwPLkIEJhGlYSIOtpMYrDVHfgvr158F0QwQR4mmpUxdKkSQzTS73j7+BBJhb+XlTJ2aQampYc4TcUFoXjsHb+ifAAMAoBeO3DWt6ZQAAAAASUVORK5CYII=\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbSearchWebhistory - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchWebhistory\ tooltip=\gtbMultilineTooltip\ label=\Webgeschiedenis\ fullText=\Webgeschiedenis\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml\ tooltip=\gtbMultilineTooltip\ label=\Gmail\ fullText=\Gmail\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg42v84ONr/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/ODja/zg42v84ONr/ODja/+Li////////////////////////////////////////////////////////4uL//zg42v84ONr/ODja/zg42v+np/n/4uL/////////////////////////////////////////////4uL//6en+f84ONr/ODja/zg42v84ONr/4uL//6en+f/i4v////////////+BgfL/gYHy////////////4uL//6en+f/i4v//ODja/zg42v84ONr/ODja///////i4v//p6f5/7a2//+BgfL/Wlrp/1pa6f+BgfL/trb//6en+f/i4v///////zg42v84ONr/ODja/zg42v///////////7a2//+BgfL/Wlrp/zg42v84ONr/Wlrp/4GB8v+2tv////////////84ONr/ODja/zg42v84ONr///////////+BgfL/Wlrp/zg42v+2tv//trb//zg42v9aWun/gYHy////////////ODja/zg42v84ONr/ODja//////+BgfL/Wlrp/zg42v+2tv////////////+2tv//ODja/1pa6f+BgfL//////zg42v84ONr/ODja/zg42v+BgfL/Wlrp/zg42v+2tv///////////////////////7a2//84ONr/Wlrp/4GB8v84ONr/ODja/zg42v84ONr/ODja/zg42v+2tv//////////////////////////////////trb//zg42v84ONr/ODja/zg42v84ONr/ODja/zg42v+BgfL/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+BgfL/ODja/zg42v84ONr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAA//8AAA==\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton> FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml\ tooltip=\gtbMultilineTooltip\ label=\Knoppenlijstj\ fullText=\Knoppenlijstj\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAcNJREFUeNpsU7tOAzEQXF8uCgLCQ+IHkICa74ACISEaOh4SNeIXqGmgA0o+AAlqhBDiG6CkoQHEI+Tu/FhmbcdJjlia2+TsnZ0d7ykaWMzs49Y98XtFJHgDPiqmtw2lZE+FkM5ngwSyuf9IbMBje8B7B7QvuzyY3FtZ/UWB02UECpNGdM5JORq1Mq5tdAxR1waiArGSXBAwWxrVbi6P3QdmqfiLMz8m4DcSVVYkGGJraezslZ0uyOnSd+wfm3fg5lBJEoTkG8nfmugLZmitkV8iqfKJnsD/Bw6XVS5O29hrEVV0ogpjLCqbCI1WEJ0NYBdakGtyQsDBOFHRRWULyc5UHmz0MAl+90xNBCaqMJIoFaxI1yFGJDXOJTPz6aajT5A0ieGopR9fuS/bJ0NFA5XHc4eZQKU8o5lWHq6xON2jSSqprQqgosyWwSSPfgsZa5oGwUwrJDevjsPwyX0ure6kYXhZPwomeakmSDdBzcLtSZL+dH2u0hz07lQWromT07Fn55Jp/2Y5q8/3/ATTbG5pKjM01UBsMs2NNWhhtjV0DqppJOPiyjabtQOqj3jsWT3fXAyNsxo134Oe1Huuf85/AgwABNSAmdF/QsEAAAAASUVORK5CYII=\ type=\menu\ class=\gtb-custombutton gtbHelperIcon gtbWholeMenuGadgetButton\/> FF - user.js: google.toolbar.button_option.cached.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml\ tooltip=\gtbMultilineTooltip\ label=\Google Earth\ fullText=\Google Earth\ image=\data:image/x-icon;base64,R0lGODlhEAAQAPfDAA40ViRReM7q/c7h8hA6XxM/ZjpUbDpVbgUrTB88VqSuuBJNgQw5YRVOgS+BwlNpfQ8yUhhJdRxMdgkvUqy7ytHd59Xe5Nfe5UZjfiZoojlad0FhfvD095umsSNln32SpU9meytzsCJzummCmCZmnUqp7CBWh7S+x6S+1RY8X3SJm0FedzqGxp2tupams2d5iRYzTRRYlD6V1i54uKSwuxw7V2F1hkRbb4merx5SgImaqU1tih08WV638vv7/Mzd66i1wZKjsiJAWwcpRwc3YwAkSDJijEODvG+ZvszU3AYqSqS1xNHo94Cqzm6p2hpFbDuX2yiByV1/nVN0kVOGsmOBmwYpSCJai2at41mv6nWv4B1ioSRnoqvM6O/y9dzs+dzi6DRcfjWS1xMzUCdqpVBpgCpyrypspn6QnxVQhg8zVF6HrIOVpTxbdx5RfWqJpqu8zC+CxCVkm/Hz9Qo0WSZWgRQ6Wyt5uziR05mxxz1cdx9dlTJzrk5pgDWFyh5Jb5Souc3b5vn6+3ms2TZXdFt3j4mZp0qBswErUFam4aazvoGmxdDb5GuBlR5vt4+hsGCUwiNglhI/aS9kk3mRpp650B1OelBofaexvPX4/JilsGeIpEVccFd+oZ2uvofM9hhBZR5VhxhQgqvA0tHZ36G91wsqR/z8/C9/wCZtrGyFmwsqRihspxE5XKne/TthgqOzwaa0waKywdDi8wkrSltugTVfhHqYtBdQhOfs70llfXKGl+34/pajryx2tT9ffS58vBIvSf///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAMMALAAAAAAQABAAAAj8AIcJFDjq1psqqoAMXDgMxZZUkEoFshBrhSKGSI4McuLH0Zk1jASpQDOwUpNMwoR90SIihhsKwnbREEhlFhNeKYV14bPgTxIfBoblOcQi0SdXAlL+mESE0JwTmDp5uCMjS48SWAYIqxAGkS5DNupEMhMHDxQxUWYs4pBLQxFanAKYIBECmANUvriksSWLVCMhN6ZEaLAnAysycq5YKkCnjY4HtQC92mREFK5QOSQ8AZVCjZVVCobtEOYFjpQAkhgQaAUAwphgAnF4SnnqwhJKhTD0OQCjw8ARsMBs+PWhRRA2lxK8YPhIjx0AExAoGWJKE8OBLsrwqAGiF8OAADs=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/> FF - user.js: google.toolbar.button_option.gtbAutoFill - true FF - user.js: google.toolbar.button_option.gtbBookmarks - true FF - user.js: google.toolbar.button_option.gtbSearchBookmarks - true FF - user.js: google.toolbar.button_option.gtbSearchGoogle - true FF - user.js: google.toolbar.button_option.gtbSidewiki - false FF - user.js: google.toolbar.button_option.gtbSpellCheck - false FF - user.js: google.toolbar.button_option.gtbTranslate - true FF - user.js: google.toolbar.button_option.gtbTranslateMenu - false FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - true FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml.feedUpdate - 1339045199 FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - true FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml.feedUpdate - 1339054058 FF - user.js: google.toolbar.button_option.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - true FF - user.js: google.toolbar.component.bundled.dictionaries_config.json - 7.1.20110512 FF - user.js: google.toolbar.component.bundled.share_providers.json - 7.1.20110512 FF - user.js: google.toolbar.component.bundled.suggest_window.html - 7.1.20110512 FF - user.js: google.toolbar.custombuttons.list - gtbSearchImages,gtbCountrySearch,gtbSearchLocal,gtbSearchSite,gtbSearchNews,gtbSearchVideo,gtbSearchWebhistory,gtbFeelingLucky,gtbSearchGroups,gtbSearchBlogs,gtbSearchBooks,gtbSearchCalendar,gtbSearchDocs,gtbSearchPhotos,gtbSearchScholar,gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml,gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml,gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml FF - user.js: google.toolbar.custombuttons.migrated - true FF - user.js: google.toolbar.custombuttons.order.migrated.to.v6 - false FF - user.js: google.toolbar.custombuttons.version - 1 FF - user.js: google.toolbar.done_page_shown - AU_3.1.20081010 FF - user.js: google.toolbar.enhanced_features.week - -1 FF - user.js: google.toolbar.firstrun.done - true FF - user.js: google.toolbar.google_home - www.google.nl FF - user.js: google.toolbar.google_home.default - www.google.nl FF - user.js: google.toolbar.install_id - qeoEXlA1Y819UJ5vx9pOZH7VzwuiGy5koK1eMpyEoHPs FF - user.js: google.toolbar.install_ping_acked - true FF - user.js: google.toolbar.last_ping_attempt - 1338967666101 FF - user.js: google.toolbar.never_show_done_page - false FF - user.js: google.toolbar.opted_into_advanced_features_1 - true FF - user.js: google.toolbar.rlz - 1B3GGGL_nlNL247NL255 FF - user.js: google.toolbar.safebrowsing.keyupdatetime - 1339130996 FF - user.js: google.toolbar.search-icon - data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97h0f9JeBz/NHoA/z98Av9AfAD/PHsA/0F6AP8AAAAA/vz7/1+33/8Mp+z/FrHw/xWy8f8bs/T/Hqrx/3zE7v////7/t8qp/zF2A/87gwH/P4ID/z59AP8+egD/Q3kA/97s8v8botj/ELn3/wy58f8PtfL/D7Lw/xuz9P8vq+f/8/n///779v9KhR3/OYYA/0GFAv88hgD/QIAC/z17AP/0+/j/N6bM/wC07/8Cxf7/CsP7/wm+9v8Aqur/SrDb//7+/v///P7/VZEl/zSJAP87jQD/PYYA/0OBBf8+fQH///3//9Dp8/84sM7/CrDf/wC14/8CruL/KqnW/9ns8f/8/v//4OjX/z+GDf85kAD/PIwD/z2JAv8+hQD/PoEA/9C7pv/97uv////+/9Xw+v+w3ej/ls/e/+rz9///////+/z6/22mSf8qjQH/OJMA/zuQAP85iwL/PIgA/zyFAP+OSSL/nV44/7J+Vv/AkG7/7trP//7//f/9//7/6/Lr/2uoRv8tjQH/PJYA/zuTAP87kwD/PY8A/z2KAP89hAD/olkn/6RVHP+eSgj/mEgR//Ho3//+/v7/5Ozh/1GaJv8tlAD/OZcC/zuXAv84lAD/O5IC/z2PAf89iwL/OIkA/6hWFf+cTxD/pm9C/76ihP/8/v//+////8nav/8fdwL/NZsA/zeZAP83mgD/PJQB/zyUAf84jwD/PYsB/z6HAf+fXif/1r6s//79///58u//3r+g/+3i2v/+//3/mbiF/yyCAP87mgP/OpgD/zeWAP85lgD/OpEB/z+TAP9ChwH/7eHb/////v/28ej/tWwo/7tUAP+5XQ7/5M+5/////v+bsZn/IHAd/zeVAP89lgP/O5MA/zaJCf8tZTr/DyuK//3////9////0qmC/7lTAP/KZAT/vVgC/8iQWf/+//3///j//ygpx/8GGcL/ESax/xEgtv8FEMz/AALh/wAB1f///f7///z//758O//GXQL/yGYC/8RaAv/Ojlf/+/////////9QU93/BAD0/wAB//8DAP3/AAHz/wAA5f8DAtr///////v7+/+2bCT/yGMA/89mAP/BWQD/0q+D///+/////P7/Rkbg/wEA+f8AA/z/AQH5/wMA8P8AAev/AADf///7/P////7/uINQ/7lXAP/MYwL/vGIO//Lm3P/8/v//1dT2/woM5/8AAP3/AwH+/wAB/f8AAfb/BADs/wAC4P8AAAAA//z7/+LbzP+mXyD/oUwE/9Gshv/8//3/7/H5/zo/w/8AAdX/AgL6/wAA/f8CAP3/AAH2/wAA7v8AAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAA== FF - user.js: google.toolbar.searchdomaincheck.done - true FF - user.js: google.toolbar.spell_check.dictionary.words2 - FF - user.js: google.toolbar.spell_check.lang - nl FF - user.js: google.toolbar.spell_check.last_lang - nl FF - user.js: google.toolbar.translate.target_lang - nl FF - user.js: google.toolbar.translate.updateFlag - true FF - user.js: google.toolbar.usage_stats.default - false FF - user.js: intl.accept_languages - nl FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, ISO-8859-9, UTF-8, ISO-8859-15 FF - user.js: metrics.event-count - 0 FF - user.js: microsoft.CLR.auto_install - false FF - user.js: network.cookie.prefsMigrated - true FF - user.js: network.http.proxy.version - 1.0 FF - user.js: pref.advanced.javascript.disable_button.advanced - false FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false FF - user.js: pref.browser.homepage.disable_button.current_page - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: spellchecker.dictionary - nl FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1339166194 FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.62997 FF - user.js: urlclassifier.tableversion.goog-black-url - 1.25401 FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.493 FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371 . . ------- Bestandsassociaties ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0413.EXE AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0413.EXE AddRemove-EPSON Scan! II - c:\program files\epsonscannerdrivers\DeIsL2.isu AddRemove-MagicDisc 2.7.105 - h:\progra~1\MAGICD~1\UNWISE.EXE AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe AddRemove-Microsoft Plus! Windows CE, Handheld PC Edition 3.0 - j:\vraagteken\alle geinstaleerde dingen\Uninst.isu . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-23 13:24 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe???????@?`??????w???w???????w???w;??w?r@????? ???????????????d???????????????????????4????????$?w???????????sI??s???s@????????????a?wx??st???????B-?s???????????????s???s?????n?w????Y??sL;??D??s??@??4@?X;????????? LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????\??? ??|h??|????a??|Nj?w?j?w????????0??? ???????????????d??????|????????p????u@????????????????s???????s???sx??s@?????????????}|h??st??????????s?????????????????C?sc"?sx??s??????:~??@?N'?s?;???4@? ;????????? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver] "ImagePath"="\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\SecuROM\License information*] "datasecu"=hex:02,bd,4e,ee,17,04,52,9b,f9,e0,34,2e,47,f2,ac,2b,be,74,fc,78,f1, 0f,68,25,1f,74,40,11,98,ab,a4,9b,a0,e2,aa,62,4b,e1,0d,6a,c8,ae,af,6e,45,70,\ "rkeysecu"=hex:67,68,7a,37,96,63,29,84,de,3d,d0,37,0e,0f,6d,63 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(3216) c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Browser MOUSE\MOUDL32A.DLL . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\PRISMSTA.EXE c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Voltooingstijd: 2012-06-23 13:36:34 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-23 11:36 . Pre-Run: 5.268.869.120 bytes beschikbaar Post-Run: 5.904.068.608 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - A73E9D8E4622A8C79ECDB114F5C72000 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:10:30, on 23-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17109) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\WINDOWS\System32\shdocvw.dll (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192972525500 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194005729359 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a6bbb6c683e394c4.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10343 bytes

ik zit nu op mijn geinvecteeds account in safe modus, ik had het hijackthis logje ook bekeken omtekijken of er dezelfde files er instonden. niet dus. echter heb ik dus nogsteeds het politivirus / ukashvirus worm of hoe je het ook wilt noemen melding die alles vergendeld lekker is dit... drie maal overnieuw opgestard 3maal politie melding... net na safemodus en nogmaals mbam en ccleaner die beide niets vonden nogmaals geprobeerd en o my god 0.0" its gone!!! ik heb al aardig wat rare dingetjes mee gemaakt maar dit soort problemen die zich zelf oplossen slaat alles... in mijn logica dan... als jullie het niet erg vinden houdt ik dit nog eventjes open mocht hij weer oppopen en dezekeer niet zonder iets tedoen weer verdwijnt nogmaals hardstikke bedankt voor de geweldige hulp!

het was opgelost dacht ik, echter is hij of nooit weggeweest of hij is weer terrug binnen 24 uur... ik heb ondertussen wel bitdefendergeinstalleerd. en voor de 2e infectie heb ik met het dacht ik echt met ccleaner opgeruimd. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:26:50, on 23-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSICAC5.tmp O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- End of file - 9491 bytes

Hallo, Het betreft een medion laptop van 2004 met windows xp home edition. 3,06ghz intel p4 proc 1gb ddr1 ram 60gb hdd functionele hdd nvidia geforce fx 5350 Het probleem is dat je om de 30 seconde een freeze achtig iets hebt wat we niet hebben kunnen verhelpen met de volgende programmas die uptodatezijn/waren (dit probleem hebben we al ongeveer een jaar, het wordt echter alleen steeds erger en nu dus ondragelijk). Het treedt voornamelijk op als we iets doen dat met internet temaken heeft. nod32 v4 systemmechanic mbam registermechanic ccleaner hitmanpro 3.5 spybot s&d het enige wat tot dus ver wat geholpen heeft is hitmanpro maar na een minut of 5 a 10 hij weer niet vooruit tebranden. we hopen dat jullie hier wat meer mee kunnen zonder dat we alles overnieuw moeten installeren wat geen optie is voor ons. ik zal hier onder een hijackthis logje zetten aangezien die hier heilig lijken tezijn, en het begin van zoeenbeetje elke oplossing. Alvast hardstikkebedank voor jullie goedehulp, aandacht en ideeen! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:04:10, on 22-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17109) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\WINDOWS\System32\shdocvw.dll (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192972525500 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194005729359 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a6bbb6c683e394c4.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O20 - Winlogon Notify: cbXNGaXP - cbXNGaXP.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11098 bytes

mbam heeft niets gevonden dit is hopelijk normaal (hij is uptodate). ik zal zometeen in deze reactie neerzetten of het gefixt is. totdusver lijkt het probleem opgelost! TOPERS ZIJN JULLIE, hardstikkebedankt!!!! Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.22.04 Windows 7 Service Pack 1 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 8.0.7601.17514 Frank :: FRANK-PC [administrator] 22-6-2012 14:22:08 mbam-log-2012-06-22 (14-22-08).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 274272 Verstreken tijd: 6 minuut/minuten, 13 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:30:30, on 22-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ºÃ¿´123ÍøÖ·µ¼º½--ÉÏÍø¾ÍÉϺÿ´123! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [spybotDeletingF4382] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt" O4 - HKCU\..\RunOnce: [spybotDeletingF8311] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt" O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSICAC5.tmp O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- End of file - 9836 bytes

Ik zit nu inde veilige modus op het desbetreffende acount. Hijackthis als admin uitgevoerd, toch een melding dat hij geen schrijftoegang heeft tot host file? naja hopelijk kunt u hier iets meer mee , wacht vol smart op uw antwoord. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:36:39, on 22-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ºÃ¿´123ÍøÖ·µ¼º½--ÉÏÍø¾ÍÉϺÿ´123! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [wjpnviplakdvxjg] C:\ProgramData\wjpnvipl.exe O4 - HKCU\..\RunOnce: [spybotDeletingF4382] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt" O4 - HKCU\..\RunOnce: [spybotDeletingF8311] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt" O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSICAC5.tmp O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- End of file - 10225 bytes

Hardstikkebedankt voor uw super snelle reactie! Ik ben alleen vergeten tevermelden dat ik op een ander acount zit dan de geinvecteerde kan dit kwaad (wel de zelfde os hoor)? UPDATE: Ik heb net gereboot en hij zit er nogsteeds in, mijn volgende stap wordt dan toch maar een hijackthis logje maken op het desbetreffende account in de safe modus, zal ik zometeen posten. mbamlog Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.22.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 HTC :: FRANK-PC [administrator] 22-6-2012 12:04:49 mbam-log-2012-06-22 (12-04-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 273997 Time elapsed: 6 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) hijackthislog: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:13:15, on 22-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ºÃ¿´123ÍøÖ·µ¼º½--ÉÏÍø¾ÍÉϺÿ´123! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSICAC5.tmp O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- End of file - 9949 bytes

ik heb er dus sinds een uurtjes of 6 last van en ik wordt er knetter van... hier mijn hijack this logje, want hier uitvandaan schijnt het tamelijk makkelijk te fixen tezijn samen met mbam. (overigens kan ik hier niet zoveelwijsuit maar dat zal wel normaalzijn ) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:46:07, on 22-6-2012 Platform: Windows 7 SP1 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ºÃ¿´123ÍøÖ·µ¼º½--ÉÏÍø¾ÍÉϺÿ´123! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing) O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSICAC5.tmp O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- End of file - 10910 bytes het kan zijn dat ik wat verkeerd zit qua plek in forum, sorry daarvoor. alvast bedankt voor de moeite!!!