superlangzame laptop

[frank12444]

Hallo,

Het betreft een medion laptop van 2004 met windows xp home edition.

3,06ghz intel p4 proc

1gb ddr1 ram

60gb hdd functionele hdd

nvidia geforce fx 5350

Het probleem is dat je om de 30 seconde een freeze achtig iets hebt wat we niet hebben kunnen verhelpen met de volgende programmas die uptodatezijn/waren (dit probleem hebben we al ongeveer een jaar, het wordt echter alleen steeds erger en nu dus ondragelijk). Het treedt voornamelijk op als we iets doen dat met internet temaken heeft.

nod32 v4

systemmechanic

mbam

registermechanic

ccleaner

hitmanpro 3.5

spybot s&d

het enige wat tot dus ver wat geholpen heeft is hitmanpro maar na een minut of 5 a 10 hij weer niet vooruit tebranden.

we hopen dat jullie hier wat meer mee kunnen zonder dat we alles overnieuw moeten installeren wat geen optie is voor ons.

ik zal hier onder een hijackthis logje zetten aangezien die hier heilig lijken tezijn, en het begin van zoeenbeetje elke oplossing.

Alvast hardstikkebedank voor jullie goedehulp, aandacht en ideeen!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:04:10, on 22-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17109)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Browser MOUSE\mouse32a.exe

C:\WINDOWS\system32\PRISMSTA.EXE

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe

O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192972525500

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194005729359

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a6bbb6c683e394c4.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: cbXNGaXP - cbXNGaXP.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 11098 bytes

[clarkie]

De experts (Kape en kweezie wabbit) zijn verwittigd, zodra ze online zijn helpen ze je verder.

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe

O20 - Winlogon Notify: cbXNGaXP - cbXNGaXP.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht. samen met een nieuw HijackThis log.

[frank12444]

het lijkt vooralsnog dat hij een heel stuk sneller is (heb 2 webpaginas bekeken binnen 10seconde!!!).

ComboFix 12-06-23.05 - Adrie 23-06-2012 12:58:43.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.468 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Adrie\Bureaublad\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

ADS - system32: deleted 12 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Adrie\Application Data\ACD Systems\ACDSee\ImageDB.ddf

c:\documents and settings\Adrie\Application Data\inst.exe

c:\documents and settings\Adrie\Application Data\SQLite3.dll

c:\documents and settings\Adrie\Application Data\vso_ts_preview.xml

c:\documents and settings\Adrie\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

C:\Documents

C:\option.ini

c:\windows\CRES1100.EXE

c:\windows\help\wmplayer.bak

c:\windows\IsUn0413.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\install

c:\windows\system32\SET5C.tmp

c:\windows\system32\SET61.tmp

c:\windows\system32\SET68.tmp

c:\windows\system32\SET71.tmp

c:\windows\system32\SET72.tmp

c:\windows\system32\SET73.tmp

c:\windows\system32\SET76.tmp

c:\windows\system32\Thumbs.db

c:\windows\unin0407.exe

c:\windows\unin0413.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FCI

-------\Legacy_ICF

-------\Legacy_ILVMONEYDRIVER53

-------\Legacy_WINRING0_1_0_1

-------\Service_IlvMoneyDRIVER53

-------\Service_WinRing0_1_0_1

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-23 10:34 . 2012-06-23 10:34 -------- d-----w- c:\documents and settings\All Users\Favorieten

2012-06-22 13:36 . 2012-06-22 13:36 1409 ----a-w- c:\windows\QTFont.for

2012-06-22 12:59 . 2012-06-22 12:59 388096 ----a-r- c:\documents and settings\Adrie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 12:59 . 2012-06-22 12:59 -------- d-----w- c:\program files\Trend Micro

2012-06-20 14:31 . 2012-06-20 14:31 -------- d--h--r- c:\documents and settings\Adrie\Onlangs geopend

2012-06-09 11:29 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2012-06-09 11:26 . 2012-06-09 11:27 -------- d-----w- c:\program files\Defraggler

2012-06-09 11:24 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\Adrie\Local Settings\Application Data\Temp

2012-06-08 19:30 . 2012-06-08 19:30 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Search

2012-06-08 11:19 . 2012-06-08 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2012-06-08 11:18 . 2012-06-08 18:40 -------- d-----w- c:\documents and settings\Adrie\Application Data\IObit

2012-05-31 07:20 . 2012-05-31 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-25 10:29 . 2012-05-25 10:29 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Desktop Search

2012-05-25 10:28 . 2012-05-25 10:28 -------- d-----w- c:\program files\Windows Desktop Search

2012-05-25 10:25 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-05-25 10:25 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-05-25 10:25 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-17 09:17 . 2009-10-07 10:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2012-05-31 13:22 . 2003-12-29 16:10 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-31 07:20 . 2011-05-20 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-22 17:05 . 2012-05-22 15:39 14664 ----a-w- c:\windows\stinger.sys

2012-05-22 15:54 . 2012-05-22 15:54 159608 ----a-w- c:\windows\system32\mfevtps.exe.c775.deleteme

2012-05-22 15:38 . 2012-05-22 15:38 159608 ----a-w- c:\windows\system32\mfevtps.exe.55ec.deleteme

2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2002-09-09 13:17 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-12-28 22:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2010-08-12 11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRISMSTA.EXE"="PRISMSTA.EXE START" [X]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-10-03 40960]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-09-12 65536]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2006-12-13 360448]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2003-05-12 32768]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-03-28 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 54784]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKLM\~\startupfolder\C:^Documents and Settings^Adrie^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ImageFox.lnk]

backup=c:\windows\pss\ImageFox.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]

backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^REALTEK RTL8187 Wireless LAN Utility.lnk]

backup=c:\windows\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^UltraMon.lnk]

backup=c:\windows\pss\UltraMon.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSEMOUSE2]

2006-12-13 14:48 550400 ----a-w- c:\program files\Browser MOUSE\R2M.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 16:34 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 14:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]

2003-05-12 13:28 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]

2003-06-25 09:53 204800 ----a-w- c:\program files\Launch Manager\OSD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2002-12-10 15:54 127022 -c--a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-03-09 13:29 7561216 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-03-09 13:29 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-03-09 13:29 1519616 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-01-29 17:12 57344 ----a-w- c:\program files\Home Cinema\PowerCinema\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-11-10 15:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\powerman]

2003-12-23 19:48 126976 ----a-w- c:\windows\system32\powerman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 21:37 413696 ----a-w- c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-09-29 14:00 155648 -c--a-w- c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2003-11-20 15:18 499712 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2003-11-20 15:19 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]

2008-02-07 10:00 90112 -c--a-w- c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=

"c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"h:\\program files\\redalert3\\Data\\ra3_1.0.game"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9068:TCP"= 9068:TCP:BitComet 9068 TCP

"9068:UDP"= 9068:UDP:BitComet 9068 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6-1-2008 13:16 715248]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 8:23 108792]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6-12-2007 22:03 660768]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-7-2011 15:45 38144]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11-9-2009 8:24 735960]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 19:29 53248]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23-12-2008 17:35 50704]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14-9-2008 17:32 10496]

R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [16-10-2003 2:15 364320]

S1 mailKmd;mailKmd; [x]

S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [30-12-2006 20:45 15104]

S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 19:27 77824]

S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 19:41 77824]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [27-5-2009 14:53 223232]

S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [9-7-2009 12:51 7888]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt --> k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4-9-2009 18:56 1527900]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4-9-2008 19:32 47360]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6-7-2011 15:45 332928]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [4-1-2009 18:08 98488]

S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [25-3-2011 15:42 384752]

S3 XDva031;XDva031;\??\c:\windows\System32\XDva031.sys --> c:\windows\System32\XDva031.sys [?]

S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]

S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append Link Target to Existing PDF

IE: Download All Files by HiDownload

IE: Download by HiDownload

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Adrie\Application Data\Mozilla\Firefox\Profiles\x7qbfdgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: accessibility.typeaheadfind.flashBar - 0

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1338454994

FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1225570569

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1339045179

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\Adrie\\Mijn documenten\\Mijn afbeeldingen

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.save_converter_index - 0

FF - user.js: browser.fixup.alternate.enabled - false

FF - user.js: browser.history_expire_days - 20

FF - user.js: browser.migration.version - 1

FF - user.js: browser.places.importBookmarksHTML - false

FF - user.js: browser.places.importDefaults - false

FF - user.js: browser.places.leftPaneFolderId - -1

FF - user.js: browser.places.migratePostDataAnnotations - false

FF - user.js: browser.places.smartBookmarksVersion - 1

FF - user.js: browser.places.updateRecentTagsUri - false

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.search.defaultenginename - Google

FF - user.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage - hxxp://www.startpagina.nl

FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.0.14

FF - user.js: browser.visited_color - #800080

FF - user.js: distribution.google-cjk.bookmarksProcessed - true

FF - user.js: extensions.enabledItems - {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - user.js: extensions.lastAppVersion - 3.0.14

FF - user.js: extensions.mozilla.metrics.event-count - 0

FF - user.js: extensions.update.notifyUser - false

FF - user.js: flashgot.custom.Retriever.maxLinks - 10

FF - user.js: flashgot.defaultDM - BitComet

FF - user.js: flashgot.detect.cache - (Interne downloadbeheerder),HiDownload,BitComet

FF - user.js: flashgot.dmchoice - false

FF - user.js: flashgot.version - 1.1.8.7

FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)

FF - user.js: google.toolbar.auto_page_translate.rules.blacklist - nl

FF - user.js: google.toolbar.auto_page_translate.rules.whitelist -

FF - user.js: google.toolbar.button_option.cached.gtbCountrySearch - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbCountrySearch\ tooltip=\gtbMultilineTooltip\ label=\Nederland\ fullText=\Nederland\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbFeelingLucky - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbFeelingLucky\ tooltip=\gtbMultilineTooltip\ label=\Ik doe een gok\ fullText=\Ik doe een gok\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchBlogs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBlogs\ tooltip=\gtbMultilineTooltip\ label=\Zoeken in blogs met Google\ fullText=\Zoeken in blogs met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAYBJREFUeNqUkjtOA0EMhr1LRDYUtCCliKiQ4AB0CIkLQIkENHCgiAMgIeAAiANQ86iQoEcUqSkSsrvjMX7MLLME8bBi2Zkdf/49MxkRwcndMU0QYeLYMXH97yH9Ng756PAmA7Z8eHtEpfdQewIkc07NQSKZg0X+cQaweLopATpClaKKKyry4Dh3lMJmgaKaFBMA8rFmFaKkUjWmyPk2DIMS5P1o9QLwSnVBQYUJiMRJYwS5ZFQDODRA8CpRImNFNRKjItcCoAGwAVAzTonfQHSfqVbAmBUQRABwFyuKSspUUVAosHAEpkBOFQGaGWvdLOdBbUBy3dE6ktpVQjNGPNB0lAiSNbEizzVm+f4a7e6t6gMZTafwVjuFSKflogvzeWY3odfqG+mP16+A509ZJvLnDtZ1fWNnwJBSFfR7BdxfvYD0kZ72Aj+l08WzPmUFRFu53KZ3ljtY6MEDF0sH+MXyrwv9XvfPxTO2dLZFciYU3jvnP+5P1ZucfxRHwIcAAwAX2fYcgJ+EGwAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchBooks - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBooks\ tooltip=\gtbMultilineTooltip\ label=\Zoeken naar boeken met Google\ fullText=\Zoeken naar boeken met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAiNJREFUeNp0kztvE0EUhc/Ya5uEFCsiiJQiwjJIiAaLAkSFRUPrAgpqfgBQUSL/gkBBDRJFCpB4SBFNikAVCRE5giISTmQkjCP8iNfG6915MjO7fuKMdKTdO3O/e+beXXJzSxXWs/U8gAda57VKWk+v5lY7mFi7B7/N3hOt4iBkL299WHsfPMY20QB1xhG4d7aDC6fo8LxJfmZA8ftDU4AL6W5WM3jxLYUjL0BYWiGO2W3zJJ7Xl5HLUNx2e7i4SN242hWtgpTK/dpI4tX+Asq1EIzqQioiO8OSSgf2+2l895ZxbWmAG66PS0u0uNdO4u2hg51fCjTwIQVGyRYgRPQuJWCeOQc+Nxew8amOQesYK+kuFnOXIZiwRZScykeCMWhLWiySAXANCrwuglYDYevIwodSk9nGAWVR0EiYQyICKGNHMhDJpwByHsB4MhvDQyYXgoMIaiE2Fmt2OSxuqJoBKE5BeADi0Cgu/rc/vkIMUEOAqcRDENbXgMAC51WfuoKauQaoD0J7IKnIwUnLCX3dKCc1auQY0Eci9EAyBGpepm6uHWN752PHr/20I6TxKBmPHUg2t6r0/oAe7Np/JaGblfV/fCn9LW+BHjfsCE+yrPwuWHUPvF4p6SllTYyMdu+8Nn/besJdLTpreSTLG0CzgnNuGvL6fdQqh5C95jt95hHe3K1Gn7+aAIxBBQvig7y5ZzqVQEBOl+PE7SlHGvBPgAEAhIhYJbvKryMAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchCalendar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchCalendar\ tooltip=\gtbMultilineTooltip\ label=\Google Agenda\ fullText=\Google Agenda\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAldJREFUeNp8U01oU0EQ/t4zeU00iWLxr2nFXlSohyCkrTcv6kH0VAVPiiBeBfHmoUfBn4NHEQTxZKugN0FQNFiEgBfbElQkmor2x6bv2TQvb3fH2d2X0ODPwDCbt/N9M9/sxCEipK4pgpIgdsiIXYBky5xJcBQhR+uImiB2df+YAzbXgElBfXsLURqH+l4Gf4Ax0tE6LVdAlQeglQ/myjnzxCS5ujKUwoa5F1CLM5xQhSbUboiYRHeJxg9QUIW39tkSky2SMG1zcqZ4Ef37D+JnuoAgVIbUkJO9zw2OonfPdiyG29DyQ1tEExjNXCmQPfCTh4CWYCDPQAPj7nQMGoAv8ka/BVObQMStKgz1ClwoNJHPCLypEm6VWAaTjfYrDPc5mHynUFtSdtgdCXraZmAKp/f+wtHdLdQbLVwa8fCFk7NJhauHHUjpYuojobYgbGexuUYCPxVxvPEqwsjtOm5yVJyUz0hMfQowUa7zb9sNccdt/bYD/c7xtH1KoHo5Z6au/dl0gJl5F5PTCZw4oCyYSdYbdxB2LcqpO1XcLS2ZiueKPXaZ2IWUJra1dwgoCjvbdmQwgu/uwMRsmjUr7Mooc0ci4lnrTe0GxxLC+EUUzhaSGB5wjURd8d7rBT7omTlQ9CfYbKR7/iW11za/cRXFnWvIplw8n13FXCNnNGc9iX2b66isbOElcztgejjmJBB6INc3BLW6g9pyyr6z2sTfIpOoQeX5rd2VKW0l9PmP4Q2NQbaXY92W/cuSSQ/N94/4dJyJGDRw8sr/EX+xr0+vm7/zbwEGAAc7ldeFiLAmAAAAAElFTkSuQmCC\ hassend=\true\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbSearchDocs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchDocs\ tooltip=\gtbMultilineTooltip\ label=\Google Documenten\ fullText=\Google Documenten\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAfxJREFUeNqEU8tOFEEUPcXMIII6gisxkogkGk0gceUs3bHgB4wkfAD/IIlbl/yBBj/ApTEhIS5MXBAzhhiBlTIsZoQZm+7pqdf1VlV3T08YY3Vu30pVnXNPnaoSRIS8vW6CzhRwJkP0uD93BVi7Dazfh8jXCRG6DlvNB7cPQJK5tAWMyxwp95s9oMLzFQI9XwokDpiTTOQEkQaOv+3jYPc94iSBZLDKwqlppcC7IwzlZq0gcHK/f97F8dcvqHZb6JugYMDRVYGgTJJvvSA450X1Rw3MP1xBdOMOYiaIWZUj6rGcVn9IslNSUnjgZFYfNCCXgFMG/WHCCyaQ2uBXfIFuPIGalRwKkzrBUfsWbTXqQuRSnn0EObmpq8wRMUGfHTVawqoBrB74bFTIc5NAe/OxKBR0BmwYBYLEhMrWKAbKLGvOGpRFx+2vvIWODEeorYW1AUweJD0JcSbNY26c5y95kEieIMuTHMZwVr6S9SCZKZFeBUqnWRAYmWLqpIna+QmixaewlZqv5mVrlSlhY7jI2HtgZR/Xfuyh3mpiWbTZqDSYlxs4BjyqgAG9hSdYnJY4pBnvtjfMar8lXL6EowRXSSKaXcCe8yF2fphgFo0H3pyqjRJc//QG91Y3PMB9/yhYtN8f3vJ/GaL8nO++ePkf2LD93Hnln+NfAQYAumFzRInKlVsAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchGroups - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchGroups\ tooltip=\gtbMultilineTooltip\ label=\Google Discussiegroepen\ fullText=\Google Discussiegroepen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchImages - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchImages\ tooltip=\gtbMultilineTooltip\ label=\Google Afbeeldingen\ fullText=\Google Afbeeldingen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchLocal - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchLocal\ tooltip=\gtbMultilineTooltip\ label=\Google Maps\ fullText=\Google Maps\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchNews - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchNews\ tooltip=\gtbMultilineTooltip\ label=\Google Nieuws\ fullText=\Google Nieuws\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbGadgetButtonWithSeparateMenu\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchPhotos - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchPhotos\ tooltip=\gtbMultilineTooltip\ label=\Picasa Webalbums\ fullText=\Picasa Webalbums\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAt9JREFUeNpcU01ME0EU/rbdtvzTghWKFCPhRyQShaiRHz2YeECTwsnEgx48wQkTMJwkHIwHOaAXPBhvJkZjQAU5eCLBkyYmBYuJRiihECgtULptd2d3xzdbStCXvMzs5H0/782shCORTsXcnPMRnWkD+C90XR3nJh8tP167mzujWki5j0w63sM0dVLspcVvMKKbYEuL4P5a8NaLQFmZVSdB6vVW1k/9Q3AITnJoW8twvH4GlspAVzJglGrnNfh6KqHKzWCSVwB7K3yNU4LAlla23QLM4xyxl2vYeW9D6spdGDYZpm6CGyZJAQ4WROn+Y8j6CiRJmtyIhNxC3CZ6Fpv42wipaqSoIT5fAPN6H4yiEpjMADeJiG1AyiyhZHc4NwALZzMMfSC9kIQaI8tUbBiGRbL50wbnENX4TmRd6FHKCOxqEPLeG9hlhzVo2ZrBugLGmKVkUDH3SzgWqIBcXIjC4YfgUQIbnykZKUvQk6tAadaILAaRXlNIncE0qdk6O6punYTT6SSXpFxQgMIaP3gkH1wrBkw7SpxhJA5uzyYm5KhxkQMdyoV8fOlqIrDDAgvywzXtgZmspPRhR20lp3rWQWI/Aaffhc3LxRh1n4MzrOB2jUq0/ICAW60lHR2QmFPcADL5TTBT6SzBysofNJ85i/FYNULbHC0uDV9jQUyvzyFFA02Ssz2dIanRbbA8NLh8eFTRiuVwGLV1RBBc+IH6ugYMnOKYX8+jFlWE9sKYi4ag6AYSOhFoDEwjOVXCvfNXIUYlcB2d3bD19Q1J7yYn0e7leNW2g2pysE+gjYyKLVWlfrPgIjMPT1vuoLvxEj7OfILAWU9b9ChiYuIJ7w0E6G1zfN/+jee/ZrGqxFDl8KC9/DS6/W3wFnnwYXrGAlO9WLPvQMTBocUWuHkDL7rui9dm3YKqaaQ6e1h39C+VxVRzLhQl5RkcHNnNER0NARwbG3UfuEV//wPLwV8BBgAilqQLWMIqvAAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchScholar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchScholar\ tooltip=\gtbMultilineTooltip\ label=\Wetenschap\ fullText=\Wetenschap\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////4yMjP9OV1r/PktM/7W1tf////////////////////////////////////////////////////////////////8hJCj/ZL72/1Oezf9ra2v/////////////////////////////////////////////////////////////////SkpK/1Oi1f9Dhqz/lJSU/////////////////97e3v/39/f//////////////////////////////////////4yMjP9Lkrz/MmqM/+fn5////////////56Zl/+QQTD/bktF/8bHxv////////////////////////////////+cnJz/Q4a0/ylVa//Nzc3/kIyM/3dHPv/eXDn//2xC//9sQv+tTDH/hGRb/5eXl/+1tbX/3t7e////////////ra2t/0OGrP9LboT/lC8h/95UMf/3XDn//2xC//9sQv//bEL//2xC//dgOf/GRDH/czAh/5SUlP///////////97e3v9Afpj/X3mH/3ssGP/nUDH/91g5/7VMMf+cQCn/nDsp/61IKf/3WDH/71Ax/0oYEP/n5+f////////////39/f/GDhS/21vcv8wHxf/nDMh/5wzIf/eTDH//1Q5//9UOf/nTDH/pTch/4wrGP9EJh//////////////////jIyM/zFJWv9SLCn/zkQx//9UOf//VDn//1Q5//9UOf//VDn//1Q5//9UOf//VDn/pTMh/0w3Mf+xsLH//v7+/z4fF//GQCn/xkxC/71QSv+cREL/pURC/3swMf9rJBj/vUAp//9UOf//VDn//1Q5//9UOf//UDn/ShgQ/zAzMP/v7+//jIyM/2ZBN/+MKyH/70wx//9UOf//VDn/xkAp/85EMf//VDn//1Q5/95IMf97KBj/Nh8Y/4SGhP/n5+f/////////////////xsbG/1dVUv9wJx//xkAp//9QOf/GOyn/cyQY/1IzMP9zc3P/xsbG////////////////////////////////////////////5+fn/4SEhP82LCn/e3t7/97e3v//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchSite - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchSite\ tooltip=\gtbMultilineTooltip\ label=\Site doorzoeken\ fullText=\Site doorzoeken\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchVideo - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchVideo\ tooltip=\gtbMultilineTooltip\ label=\Google Video\ fullText=\Google Video\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAghJREFUeNpsksFrE0EUxr83M7ubpkK0tLYB9VArUolHvfUgvXn3Ih79Q/wL/AMURNSrQs8eBEF67E3sIbSUpralIDQsscnOjO/NzCZd6ZKXmd2d7zff93bIe4/tr8f+sF/i90GJvKXRe7QAbQhyfdsaYH93iLVeBxtPu+HZqKzw4fUu3n/fJPr8tu/zQoUX5bDCYL+EQNcedKaQnR9n2Ps1xK3VeTx+cjM8G/+1+PJuD3p9+cWrG4sFslxBQNoonByOcHo0wlK3BaUJ3TvtAO//PMf5nzFu370W1t172AE9v//Ri7g9b1BfsngydijmNObaevr8ZDAK7hYWWxw1ujbLvdWwuxG7RHDWoc3iauK5XCiBTXgsVuL87ILHIb/juZEFznlMSACA57nc20rKwVq+ryu986kcuzFC1JyTYr/YIuJCFohYNqgh9j8Q+Bcd2CZActYCcVKJEx5d1QQpRdGBUhKfmoDaRTWDXAbJuoy/2hUA34hxGRJANkaSMxKaL52k8EVijBowbaaNO4Z+iAP+OnI25MTm0YFlQNxd/n0dw/mmi+REcou44DJZikDpE14JSBDvEGznRRRnWTpI7oLzKhfVwKwPLkIEJhGlYSIOtpMYrDVHfgvr158F0QwQR4mmpUxdKkSQzTS73j7+BBJhb+XlTJ2aQampYc4TcUFoXjsHb+ifAAMAoBeO3DWt6ZQAAAAASUVORK5CYII=\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbSearchWebhistory - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchWebhistory\ tooltip=\gtbMultilineTooltip\ label=\Webgeschiedenis\ fullText=\Webgeschiedenis\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml\ tooltip=\gtbMultilineTooltip\ label=\Gmail\ fullText=\Gmail\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg42v84ONr/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/ODja/zg42v84ONr/ODja/+Li////////////////////////////////////////////////////////4uL//zg42v84ONr/ODja/zg42v+np/n/4uL/////////////////////////////////////////////4uL//6en+f84ONr/ODja/zg42v84ONr/4uL//6en+f/i4v////////////+BgfL/gYHy////////////4uL//6en+f/i4v//ODja/zg42v84ONr/ODja///////i4v//p6f5/7a2//+BgfL/Wlrp/1pa6f+BgfL/trb//6en+f/i4v///////zg42v84ONr/ODja/zg42v///////////7a2//+BgfL/Wlrp/zg42v84ONr/Wlrp/4GB8v+2tv////////////84ONr/ODja/zg42v84ONr///////////+BgfL/Wlrp/zg42v+2tv//trb//zg42v9aWun/gYHy////////////ODja/zg42v84ONr/ODja//////+BgfL/Wlrp/zg42v+2tv////////////+2tv//ODja/1pa6f+BgfL//////zg42v84ONr/ODja/zg42v+BgfL/Wlrp/zg42v+2tv///////////////////////7a2//84ONr/Wlrp/4GB8v84ONr/ODja/zg42v84ONr/ODja/zg42v+2tv//////////////////////////////////trb//zg42v84ONr/ODja/zg42v84ONr/ODja/zg42v+BgfL/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+BgfL/ODja/zg42v84ONr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAA//8AAA==\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml\ tooltip=\gtbMultilineTooltip\ label=\Knoppenlijstj\ fullText=\Knoppenlijstj\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAcNJREFUeNpsU7tOAzEQXF8uCgLCQ+IHkICa74ACISEaOh4SNeIXqGmgA0o+AAlqhBDiG6CkoQHEI+Tu/FhmbcdJjlia2+TsnZ0d7ykaWMzs49Y98XtFJHgDPiqmtw2lZE+FkM5ngwSyuf9IbMBje8B7B7QvuzyY3FtZ/UWB02UECpNGdM5JORq1Mq5tdAxR1waiArGSXBAwWxrVbi6P3QdmqfiLMz8m4DcSVVYkGGJraezslZ0uyOnSd+wfm3fg5lBJEoTkG8nfmugLZmitkV8iqfKJnsD/Bw6XVS5O29hrEVV0ogpjLCqbCI1WEJ0NYBdakGtyQsDBOFHRRWULyc5UHmz0MAl+90xNBCaqMJIoFaxI1yFGJDXOJTPz6aajT5A0ieGopR9fuS/bJ0NFA5XHc4eZQKU8o5lWHq6xON2jSSqprQqgosyWwSSPfgsZa5oGwUwrJDevjsPwyX0ure6kYXhZPwomeakmSDdBzcLtSZL+dH2u0hz07lQWromT07Fn55Jp/2Y5q8/3/ATTbG5pKjM01UBsMs2NNWhhtjV0DqppJOPiyjabtQOqj3jsWT3fXAyNsxo134Oe1Huuf85/AgwABNSAmdF/QsEAAAAASUVORK5CYII=\ type=\menu\ class=\gtb-custombutton gtbHelperIcon gtbWholeMenuGadgetButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml\ tooltip=\gtbMultilineTooltip\ label=\Google Earth\ fullText=\Google Earth\ image=\data:image/x-icon;base64,R0lGODlhEAAQAPfDAA40ViRReM7q/c7h8hA6XxM/ZjpUbDpVbgUrTB88VqSuuBJNgQw5YRVOgS+BwlNpfQ8yUhhJdRxMdgkvUqy7ytHd59Xe5Nfe5UZjfiZoojlad0FhfvD095umsSNln32SpU9meytzsCJzummCmCZmnUqp7CBWh7S+x6S+1RY8X3SJm0FedzqGxp2tupams2d5iRYzTRRYlD6V1i54uKSwuxw7V2F1hkRbb4merx5SgImaqU1tih08WV638vv7/Mzd66i1wZKjsiJAWwcpRwc3YwAkSDJijEODvG+ZvszU3AYqSqS1xNHo94Cqzm6p2hpFbDuX2yiByV1/nVN0kVOGsmOBmwYpSCJai2at41mv6nWv4B1ioSRnoqvM6O/y9dzs+dzi6DRcfjWS1xMzUCdqpVBpgCpyrypspn6QnxVQhg8zVF6HrIOVpTxbdx5RfWqJpqu8zC+CxCVkm/Hz9Qo0WSZWgRQ6Wyt5uziR05mxxz1cdx9dlTJzrk5pgDWFyh5Jb5Souc3b5vn6+3ms2TZXdFt3j4mZp0qBswErUFam4aazvoGmxdDb5GuBlR5vt4+hsGCUwiNglhI/aS9kk3mRpp650B1OelBofaexvPX4/JilsGeIpEVccFd+oZ2uvofM9hhBZR5VhxhQgqvA0tHZ36G91wsqR/z8/C9/wCZtrGyFmwsqRihspxE5XKne/TthgqOzwaa0waKywdDi8wkrSltugTVfhHqYtBdQhOfs70llfXKGl+34/pajryx2tT9ffS58vBIvSf///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAMMALAAAAAAQABAAAAj8AIcJFDjq1psqqoAMXDgMxZZUkEoFshBrhSKGSI4McuLH0Zk1jASpQDOwUpNMwoR90SIihhsKwnbREEhlFhNeKYV14bPgTxIfBoblOcQi0SdXAlL+mESE0JwTmDp5uCMjS48SWAYIqxAGkS5DNupEMhMHDxQxUWYs4pBLQxFanAKYIBECmANUvriksSWLVCMhN6ZEaLAnAysycq5YKkCnjY4HtQC92mREFK5QOSQ8AZVCjZVVCobtEOYFjpQAkhgQaAUAwphgAnF4SnnqwhJKhTD0OQCjw8ARsMBs+PWhRRA2lxK8YPhIjx0AExAoGWJKE8OBLsrwqAGiF8OAADs=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.gtbAutoFill - true

FF - user.js: google.toolbar.button_option.gtbBookmarks - true

FF - user.js: google.toolbar.button_option.gtbSearchBookmarks - true

FF - user.js: google.toolbar.button_option.gtbSearchGoogle - true

FF - user.js: google.toolbar.button_option.gtbSidewiki - false

FF - user.js: google.toolbar.button_option.gtbSpellCheck - false

FF - user.js: google.toolbar.button_option.gtbTranslate - true

FF - user.js: google.toolbar.button_option.gtbTranslateMenu - false

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - true

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml.feedUpdate - 1339045199

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - true

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml.feedUpdate - 1339054058

FF - user.js: google.toolbar.button_option.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - true

FF - user.js: google.toolbar.component.bundled.dictionaries_config.json - 7.1.20110512

FF - user.js: google.toolbar.component.bundled.share_providers.json - 7.1.20110512

FF - user.js: google.toolbar.component.bundled.suggest_window.html - 7.1.20110512

FF - user.js: google.toolbar.custombuttons.list - gtbSearchImages,gtbCountrySearch,gtbSearchLocal,gtbSearchSite,gtbSearchNews,gtbSearchVideo,gtbSearchWebhistory,gtbFeelingLucky,gtbSearchGroups,gtbSearchBlogs,gtbSearchBooks,gtbSearchCalendar,gtbSearchDocs,gtbSearchPhotos,gtbSearchScholar,gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml,gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml,gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml

FF - user.js: google.toolbar.custombuttons.migrated - true

FF - user.js: google.toolbar.custombuttons.order.migrated.to.v6 - false

FF - user.js: google.toolbar.custombuttons.version - 1

FF - user.js: google.toolbar.done_page_shown - AU_3.1.20081010

FF - user.js: google.toolbar.enhanced_features.week - -1

FF - user.js: google.toolbar.firstrun.done - true

FF - user.js: google.toolbar.google_home - www.google.nl

FF - user.js: google.toolbar.google_home.default - www.google.nl

FF - user.js: google.toolbar.install_id - qeoEXlA1Y819UJ5vx9pOZH7VzwuiGy5koK1eMpyEoHPs

FF - user.js: google.toolbar.install_ping_acked - true

FF - user.js: google.toolbar.last_ping_attempt - 1338967666101

FF - user.js: google.toolbar.never_show_done_page - false

FF - user.js: google.toolbar.opted_into_advanced_features_1 - true

FF - user.js: google.toolbar.rlz - 1B3GGGL_nlNL247NL255

FF - user.js: google.toolbar.safebrowsing.keyupdatetime - 1339130996

FF - user.js: google.toolbar.search-icon - data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97h0f9JeBz/NHoA/z98Av9AfAD/PHsA/0F6AP8AAAAA/vz7/1+33/8Mp+z/FrHw/xWy8f8bs/T/Hqrx/3zE7v////7/t8qp/zF2A/87gwH/P4ID/z59AP8+egD/Q3kA/97s8v8botj/ELn3/wy58f8PtfL/D7Lw/xuz9P8vq+f/8/n///779v9KhR3/OYYA/0GFAv88hgD/QIAC/z17AP/0+/j/N6bM/wC07/8Cxf7/CsP7/wm+9v8Aqur/SrDb//7+/v///P7/VZEl/zSJAP87jQD/PYYA/0OBBf8+fQH///3//9Dp8/84sM7/CrDf/wC14/8CruL/KqnW/9ns8f/8/v//4OjX/z+GDf85kAD/PIwD/z2JAv8+hQD/PoEA/9C7pv/97uv////+/9Xw+v+w3ej/ls/e/+rz9///////+/z6/22mSf8qjQH/OJMA/zuQAP85iwL/PIgA/zyFAP+OSSL/nV44/7J+Vv/AkG7/7trP//7//f/9//7/6/Lr/2uoRv8tjQH/PJYA/zuTAP87kwD/PY8A/z2KAP89hAD/olkn/6RVHP+eSgj/mEgR//Ho3//+/v7/5Ozh/1GaJv8tlAD/OZcC/zuXAv84lAD/O5IC/z2PAf89iwL/OIkA/6hWFf+cTxD/pm9C/76ihP/8/v//+////8nav/8fdwL/NZsA/zeZAP83mgD/PJQB/zyUAf84jwD/PYsB/z6HAf+fXif/1r6s//79///58u//3r+g/+3i2v/+//3/mbiF/yyCAP87mgP/OpgD/zeWAP85lgD/OpEB/z+TAP9ChwH/7eHb/////v/28ej/tWwo/7tUAP+5XQ7/5M+5/////v+bsZn/IHAd/zeVAP89lgP/O5MA/zaJCf8tZTr/DyuK//3////9////0qmC/7lTAP/KZAT/vVgC/8iQWf/+//3///j//ygpx/8GGcL/ESax/xEgtv8FEMz/AALh/wAB1f///f7///z//758O//GXQL/yGYC/8RaAv/Ojlf/+/////////9QU93/BAD0/wAB//8DAP3/AAHz/wAA5f8DAtr///////v7+/+2bCT/yGMA/89mAP/BWQD/0q+D///+/////P7/Rkbg/wEA+f8AA/z/AQH5/wMA8P8AAev/AADf///7/P////7/uINQ/7lXAP/MYwL/vGIO//Lm3P/8/v//1dT2/woM5/8AAP3/AwH+/wAB/f8AAfb/BADs/wAC4P8AAAAA//z7/+LbzP+mXyD/oUwE/9Gshv/8//3/7/H5/zo/w/8AAdX/AgL6/wAA/f8CAP3/AAH2/wAA7v8AAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAA==

FF - user.js: google.toolbar.searchdomaincheck.done - true

FF - user.js: google.toolbar.spell_check.dictionary.words2 -

FF - user.js: google.toolbar.spell_check.lang - nl

FF - user.js: google.toolbar.spell_check.last_lang - nl

FF - user.js: google.toolbar.translate.target_lang - nl

FF - user.js: google.toolbar.translate.updateFlag - true

FF - user.js: google.toolbar.usage_stats.default - false

FF - user.js: intl.accept_languages - nl

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, ISO-8859-9, UTF-8, ISO-8859-15

FF - user.js: metrics.event-count - 0

FF - user.js: microsoft.CLR.auto_install - false

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.http.proxy.version - 1.0

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false

FF - user.js: pref.browser.homepage.disable_button.current_page - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: spellchecker.dictionary - nl

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1339166194

FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.62997

FF - user.js: urlclassifier.tableversion.goog-black-url - 1.25401

FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.493

FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371

.

.

------- Bestandsassociaties -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0413.EXE

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0413.EXE

AddRemove-EPSON Scan! II - c:\program files\epsonscannerdrivers\DeIsL2.isu

AddRemove-MagicDisc 2.7.105 - h:\progra~1\MAGICD~1\UNWISE.EXE

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

AddRemove-Microsoft Plus! Windows CE, Handheld PC Edition 3.0 - j:\vraagteken\alle geinstaleerde dingen\Uninst.isu

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-23 13:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CtrlVol = c:\program files\Launch Manager\CtrlVol.exe???????@?`??????w???w???????w???w;??w?r@????? ???????????????d???????????????????????4????????$?w???????????sI??s???s@????????????a?wx??st???????B-?s???????????????s???s?????n?w????Y??sL;??D??s??@??4@?X;?????????

LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????\??? ??|h??|????a??|Nj?w?j?w????????0??? ???????????????d??????|????????p????u@????????????????s???????s???sx??s@?????????????}|h??st??????????s?????????????????C?sc"?sx??s??????:~??@?N'?s?;???4@? ;?????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\SecuROM\License information*]

"datasecu"=hex:02,bd,4e,ee,17,04,52,9b,f9,e0,34,2e,47,f2,ac,2b,be,74,fc,78,f1,

0f,68,25,1f,74,40,11,98,ab,a4,9b,a0,e2,aa,62,4b,e1,0d,6a,c8,ae,af,6e,45,70,\

"rkeysecu"=hex:67,68,7a,37,96,63,29,84,de,3d,d0,37,0e,0f,6d,63

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3216)

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Browser MOUSE\MOUDL32A.DLL

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\PRISMSTA.EXE

c:\progra~1\MI3AA1~1\rapimgr.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-23 13:36:34 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-23 11:36

.

Pre-Run: 5.268.869.120 bytes beschikbaar

Post-Run: 5.904.068.608 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - A73E9D8E4622A8C79ECDB114F5C72000

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:10:30, on 23-6-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17109)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Browser MOUSE\mouse32a.exe

C:\WINDOWS\system32\PRISMSTA.EXE

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll

O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe

O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192972525500

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194005729359

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-a6bbb6c683e394c4.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 10343 bytes

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\System32\XDva031.sys

c:\windows\system32\XDva039.sys

c:\windows\system32\XDva068.sys

Driver::

mailKmd

XDva031

XDva039

XDva068

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[frank12444]

ComboFix 12-06-23.05 - Adrie 23-06-2012 14:59:27.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.545 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Adrie\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Adrie\Bureaublad\CFScript.txt

AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

FILE ::

"c:\windows\System32\XDva031.sys"

"c:\windows\system32\XDva039.sys"

"c:\windows\system32\XDva068.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_XDVA031

-------\Legacy_XDVA039

-------\Legacy_XDVA068

-------\Service_mailKmd

-------\Service_XDva031

-------\Service_XDva039

-------\Service_XDva068

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

.

2012-06-23 10:34 . 2012-06-23 10:34 -------- d-----w- c:\documents and settings\All Users\Favorieten

2012-06-22 13:36 . 2012-06-22 13:36 1409 ----a-w- c:\windows\QTFont.for

2012-06-22 12:59 . 2012-06-22 12:59 388096 ----a-r- c:\documents and settings\Adrie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 12:59 . 2012-06-22 12:59 -------- d-----w- c:\program files\Trend Micro

2012-06-20 14:31 . 2012-06-23 12:52 -------- d--h--r- c:\documents and settings\Adrie\Onlangs geopend

2012-06-09 11:29 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2012-06-09 11:26 . 2012-06-09 11:27 -------- d-----w- c:\program files\Defraggler

2012-06-09 11:24 . 2012-06-09 11:30 -------- d-----w- c:\documents and settings\Adrie\Local Settings\Application Data\Temp

2012-06-08 19:30 . 2012-06-08 19:30 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Search

2012-06-08 11:19 . 2012-06-08 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2012-06-08 11:18 . 2012-06-08 18:40 -------- d-----w- c:\documents and settings\Adrie\Application Data\IObit

2012-05-31 07:20 . 2012-05-31 07:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-25 10:29 . 2012-05-25 10:29 -------- d-----w- c:\documents and settings\Adrie\Application Data\Windows Desktop Search

2012-05-25 10:28 . 2012-05-25 10:28 -------- d-----w- c:\program files\Windows Desktop Search

2012-05-25 10:25 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-05-25 10:25 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-05-25 10:25 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-17 09:17 . 2009-10-07 10:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2012-05-31 13:22 . 2003-12-29 16:10 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-31 07:20 . 2011-05-20 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-22 17:05 . 2012-05-22 15:39 14664 ----a-w- c:\windows\stinger.sys

2012-05-22 15:54 . 2012-05-22 15:54 159608 ----a-w- c:\windows\system32\mfevtps.exe.c775.deleteme

2012-05-22 15:38 . 2012-05-22 15:38 159608 ----a-w- c:\windows\system32\mfevtps.exe.55ec.deleteme

2012-04-11 13:55 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2002-09-09 13:17 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:55 . 2003-12-28 22:02 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2010-08-12 11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-23_11.23.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-23 13:19 . 2012-06-23 13:19 16384 c:\windows\Temp\Perflib_Perfdata_104.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRISMSTA.EXE"="PRISMSTA.EXE START" [X]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-10-03 40960]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-09-12 65536]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2006-12-13 360448]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2003-05-12 32768]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-03-28 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 54784]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKLM\~\startupfolder\C:^Documents and Settings^Adrie^Menu Start^Programma's^Opstarten^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ImageFox.lnk]

backup=c:\windows\pss\ImageFox.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]

backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk]

backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^REALTEK RTL8187 Wireless LAN Utility.lnk]

backup=c:\windows\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^UltraMon.lnk]

backup=c:\windows\pss\UltraMon.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMBROWSEMOUSE2]

2006-12-13 14:48 550400 ----a-w- c:\program files\Browser MOUSE\R2M.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 16:34 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 14:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]

2003-05-12 13:28 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]

2003-06-25 09:53 204800 ----a-w- c:\program files\Launch Manager\OSD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2002-12-10 15:54 127022 -c--a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-03-09 13:29 7561216 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-03-09 13:29 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-03-09 13:29 1519616 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-01-29 17:12 57344 ----a-w- c:\program files\Home Cinema\PowerCinema\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-11-10 15:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\powerman]

2003-12-23 19:48 126976 ----a-w- c:\windows\system32\powerman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 21:37 413696 ----a-w- c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-09-29 14:00 155648 -c--a-w- c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2003-11-20 15:18 499712 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2003-11-20 15:19 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]

2008-02-07 10:00 90112 -c--a-w- c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=

"c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"h:\\program files\\redalert3\\Data\\ra3_1.0.game"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9068:TCP"= 9068:TCP:BitComet 9068 TCP

"9068:UDP"= 9068:UDP:BitComet 9068 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6-1-2008 13:16 715248]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 8:23 108792]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6-12-2007 22:03 660768]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6-7-2011 15:45 38144]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11-9-2009 8:24 735960]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [20-9-2002 19:29 53248]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23-12-2008 17:35 50704]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14-9-2008 17:32 10496]

R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [16-10-2003 2:15 364320]

S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [30-12-2006 20:45 15104]

S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [20-9-2002 19:27 77824]

S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20-9-2002 19:41 77824]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [27-5-2009 14:53 223232]

S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [9-7-2009 12:51 7888]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt --> k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4-9-2009 18:56 1527900]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4-9-2008 19:32 47360]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6-7-2011 15:45 332928]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [4-1-2009 18:08 98488]

S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [25-3-2011 15:42 384752]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append Link Target to Existing PDF

IE: Download All Files by HiDownload

IE: Download by HiDownload

TCP: DhcpNameServer = 192.168.178.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Adrie\Application Data\Mozilla\Firefox\Profiles\x7qbfdgj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: accessibility.typeaheadfind.flashBar - 0

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1339045178

FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1338454994

FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1225570569

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1339045179

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\Adrie\\Mijn documenten\\Mijn afbeeldingen

FF - user.js: browser.download.manager.alertOnEXEOpen - true

FF - user.js: browser.download.save_converter_index - 0

FF - user.js: browser.fixup.alternate.enabled - false

FF - user.js: browser.history_expire_days - 20

FF - user.js: browser.migration.version - 1

FF - user.js: browser.places.importBookmarksHTML - false

FF - user.js: browser.places.importDefaults - false

FF - user.js: browser.places.leftPaneFolderId - -1

FF - user.js: browser.places.migratePostDataAnnotations - false

FF - user.js: browser.places.smartBookmarksVersion - 1

FF - user.js: browser.places.updateRecentTagsUri - false

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.search.defaultenginename - Google

FF - user.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage - hxxp://www.startpagina.nl

FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.0.14

FF - user.js: browser.visited_color - #800080

FF - user.js: distribution.google-cjk.bookmarksProcessed - true

FF - user.js: extensions.enabledItems - {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - user.js: extensions.lastAppVersion - 3.0.14

FF - user.js: extensions.mozilla.metrics.event-count - 0

FF - user.js: extensions.update.notifyUser - false

FF - user.js: flashgot.custom.Retriever.maxLinks - 10

FF - user.js: flashgot.defaultDM - BitComet

FF - user.js: flashgot.detect.cache - (Interne downloadbeheerder),HiDownload,BitComet

FF - user.js: flashgot.dmchoice - false

FF - user.js: flashgot.version - 1.1.8.7

FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)

FF - user.js: google.toolbar.auto_page_translate.rules.blacklist - nl

FF - user.js: google.toolbar.auto_page_translate.rules.whitelist -

FF - user.js: google.toolbar.button_option.cached.gtbCountrySearch - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbCountrySearch\ tooltip=\gtbMultilineTooltip\ label=\Nederland\ fullText=\Nederland\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbFeelingLucky - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbFeelingLucky\ tooltip=\gtbMultilineTooltip\ label=\Ik doe een gok\ fullText=\Ik doe een gok\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchBlogs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBlogs\ tooltip=\gtbMultilineTooltip\ label=\Zoeken in blogs met Google\ fullText=\Zoeken in blogs met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAYBJREFUeNqUkjtOA0EMhr1LRDYUtCCliKiQ4AB0CIkLQIkENHCgiAMgIeAAiANQ86iQoEcUqSkSsrvjMX7MLLME8bBi2Zkdf/49MxkRwcndMU0QYeLYMXH97yH9Ng756PAmA7Z8eHtEpfdQewIkc07NQSKZg0X+cQaweLopATpClaKKKyry4Dh3lMJmgaKaFBMA8rFmFaKkUjWmyPk2DIMS5P1o9QLwSnVBQYUJiMRJYwS5ZFQDODRA8CpRImNFNRKjItcCoAGwAVAzTonfQHSfqVbAmBUQRABwFyuKSspUUVAosHAEpkBOFQGaGWvdLOdBbUBy3dE6ktpVQjNGPNB0lAiSNbEizzVm+f4a7e6t6gMZTafwVjuFSKflogvzeWY3odfqG+mP16+A509ZJvLnDtZ1fWNnwJBSFfR7BdxfvYD0kZ72Aj+l08WzPmUFRFu53KZ3ljtY6MEDF0sH+MXyrwv9XvfPxTO2dLZFciYU3jvnP+5P1ZucfxRHwIcAAwAX2fYcgJ+EGwAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchBooks - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchBooks\ tooltip=\gtbMultilineTooltip\ label=\Zoeken naar boeken met Google\ fullText=\Zoeken naar boeken met Google\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAiNJREFUeNp0kztvE0EUhc/Ya5uEFCsiiJQiwjJIiAaLAkSFRUPrAgpqfgBQUSL/gkBBDRJFCpB4SBFNikAVCRE5giISTmQkjCP8iNfG6915MjO7fuKMdKTdO3O/e+beXXJzSxXWs/U8gAda57VKWk+v5lY7mFi7B7/N3hOt4iBkL299WHsfPMY20QB1xhG4d7aDC6fo8LxJfmZA8ftDU4AL6W5WM3jxLYUjL0BYWiGO2W3zJJ7Xl5HLUNx2e7i4SN242hWtgpTK/dpI4tX+Asq1EIzqQioiO8OSSgf2+2l895ZxbWmAG66PS0u0uNdO4u2hg51fCjTwIQVGyRYgRPQuJWCeOQc+Nxew8amOQesYK+kuFnOXIZiwRZScykeCMWhLWiySAXANCrwuglYDYevIwodSk9nGAWVR0EiYQyICKGNHMhDJpwByHsB4MhvDQyYXgoMIaiE2Fmt2OSxuqJoBKE5BeADi0Cgu/rc/vkIMUEOAqcRDENbXgMAC51WfuoKauQaoD0J7IKnIwUnLCX3dKCc1auQY0Eci9EAyBGpepm6uHWN752PHr/20I6TxKBmPHUg2t6r0/oAe7Np/JaGblfV/fCn9LW+BHjfsCE+yrPwuWHUPvF4p6SllTYyMdu+8Nn/besJdLTpreSTLG0CzgnNuGvL6fdQqh5C95jt95hHe3K1Gn7+aAIxBBQvig7y5ZzqVQEBOl+PE7SlHGvBPgAEAhIhYJbvKryMAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchCalendar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchCalendar\ tooltip=\gtbMultilineTooltip\ label=\Google Agenda\ fullText=\Google Agenda\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAldJREFUeNp8U01oU0EQ/t4zeU00iWLxr2nFXlSohyCkrTcv6kH0VAVPiiBeBfHmoUfBn4NHEQTxZKugN0FQNFiEgBfbElQkmor2x6bv2TQvb3fH2d2X0ODPwDCbt/N9M9/sxCEipK4pgpIgdsiIXYBky5xJcBQhR+uImiB2df+YAzbXgElBfXsLURqH+l4Gf4Ax0tE6LVdAlQeglQ/myjnzxCS5ujKUwoa5F1CLM5xQhSbUboiYRHeJxg9QUIW39tkSky2SMG1zcqZ4Ef37D+JnuoAgVIbUkJO9zw2OonfPdiyG29DyQ1tEExjNXCmQPfCTh4CWYCDPQAPj7nQMGoAv8ka/BVObQMStKgz1ClwoNJHPCLypEm6VWAaTjfYrDPc5mHynUFtSdtgdCXraZmAKp/f+wtHdLdQbLVwa8fCFk7NJhauHHUjpYuojobYgbGexuUYCPxVxvPEqwsjtOm5yVJyUz0hMfQowUa7zb9sNccdt/bYD/c7xtH1KoHo5Z6au/dl0gJl5F5PTCZw4oCyYSdYbdxB2LcqpO1XcLS2ZiueKPXaZ2IWUJra1dwgoCjvbdmQwgu/uwMRsmjUr7Mooc0ci4lnrTe0GxxLC+EUUzhaSGB5wjURd8d7rBT7omTlQ9CfYbKR7/iW11za/cRXFnWvIplw8n13FXCNnNGc9iX2b66isbOElcztgejjmJBB6INc3BLW6g9pyyr6z2sTfIpOoQeX5rd2VKW0l9PmP4Q2NQbaXY92W/cuSSQ/N94/4dJyJGDRw8sr/EX+xr0+vm7/zbwEGAAc7ldeFiLAmAAAAAElFTkSuQmCC\ hassend=\true\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbSearchDocs - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchDocs\ tooltip=\gtbMultilineTooltip\ label=\Google Documenten\ fullText=\Google Documenten\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAfxJREFUeNqEU8tOFEEUPcXMIII6gisxkogkGk0gceUs3bHgB4wkfAD/IIlbl/yBBj/ApTEhIS5MXBAzhhiBlTIsZoQZm+7pqdf1VlV3T08YY3Vu30pVnXNPnaoSRIS8vW6CzhRwJkP0uD93BVi7Dazfh8jXCRG6DlvNB7cPQJK5tAWMyxwp95s9oMLzFQI9XwokDpiTTOQEkQaOv+3jYPc94iSBZLDKwqlppcC7IwzlZq0gcHK/f97F8dcvqHZb6JugYMDRVYGgTJJvvSA450X1Rw3MP1xBdOMOYiaIWZUj6rGcVn9IslNSUnjgZFYfNCCXgFMG/WHCCyaQ2uBXfIFuPIGalRwKkzrBUfsWbTXqQuRSnn0EObmpq8wRMUGfHTVawqoBrB74bFTIc5NAe/OxKBR0BmwYBYLEhMrWKAbKLGvOGpRFx+2vvIWODEeorYW1AUweJD0JcSbNY26c5y95kEieIMuTHMZwVr6S9SCZKZFeBUqnWRAYmWLqpIna+QmixaewlZqv5mVrlSlhY7jI2HtgZR/Xfuyh3mpiWbTZqDSYlxs4BjyqgAG9hSdYnJY4pBnvtjfMar8lXL6EowRXSSKaXcCe8yF2fphgFo0H3pyqjRJc//QG91Y3PMB9/yhYtN8f3vJ/GaL8nO++ePkf2LD93Hnln+NfAQYAumFzRInKlVsAAAAASUVORK5CYII=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchGroups - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchGroups\ tooltip=\gtbMultilineTooltip\ label=\Google Discussiegroepen\ fullText=\Google Discussiegroepen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchImages - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchImages\ tooltip=\gtbMultilineTooltip\ label=\Google Afbeeldingen\ fullText=\Google Afbeeldingen\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchLocal - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchLocal\ tooltip=\gtbMultilineTooltip\ label=\Google Maps\ fullText=\Google Maps\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchNews - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchNews\ tooltip=\gtbMultilineTooltip\ label=\Google Nieuws\ fullText=\Google Nieuws\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbGadgetButtonWithSeparateMenu\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchPhotos - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchPhotos\ tooltip=\gtbMultilineTooltip\ label=\Picasa Webalbums\ fullText=\Picasa Webalbums\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAt9JREFUeNpcU01ME0EU/rbdtvzTghWKFCPhRyQShaiRHz2YeECTwsnEgx48wQkTMJwkHIwHOaAXPBhvJkZjQAU5eCLBkyYmBYuJRiihECgtULptd2d3xzdbStCXvMzs5H0/782shCORTsXcnPMRnWkD+C90XR3nJh8tP167mzujWki5j0w63sM0dVLspcVvMKKbYEuL4P5a8NaLQFmZVSdB6vVW1k/9Q3AITnJoW8twvH4GlspAVzJglGrnNfh6KqHKzWCSVwB7K3yNU4LAlla23QLM4xyxl2vYeW9D6spdGDYZpm6CGyZJAQ4WROn+Y8j6CiRJmtyIhNxC3CZ6Fpv42wipaqSoIT5fAPN6H4yiEpjMADeJiG1AyiyhZHc4NwALZzMMfSC9kIQaI8tUbBiGRbL50wbnENX4TmRd6FHKCOxqEPLeG9hlhzVo2ZrBugLGmKVkUDH3SzgWqIBcXIjC4YfgUQIbnykZKUvQk6tAadaILAaRXlNIncE0qdk6O6punYTT6SSXpFxQgMIaP3gkH1wrBkw7SpxhJA5uzyYm5KhxkQMdyoV8fOlqIrDDAgvywzXtgZmspPRhR20lp3rWQWI/Aaffhc3LxRh1n4MzrOB2jUq0/ICAW60lHR2QmFPcADL5TTBT6SzBysofNJ85i/FYNULbHC0uDV9jQUyvzyFFA02Ssz2dIanRbbA8NLh8eFTRiuVwGLV1RBBc+IH6ugYMnOKYX8+jFlWE9sKYi4ag6AYSOhFoDEwjOVXCvfNXIUYlcB2d3bD19Q1J7yYn0e7leNW2g2pysE+gjYyKLVWlfrPgIjMPT1vuoLvxEj7OfILAWU9b9ChiYuIJ7w0E6G1zfN/+jee/ZrGqxFDl8KC9/DS6/W3wFnnwYXrGAlO9WLPvQMTBocUWuHkDL7rui9dm3YKqaaQ6e1h39C+VxVRzLhQl5RkcHNnNER0NARwbG3UfuEV//wPLwV8BBgAilqQLWMIqvAAAAABJRU5ErkJggg==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchScholar - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchScholar\ tooltip=\gtbMultilineTooltip\ label=\Wetenschap\ fullText=\Wetenschap\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////4yMjP9OV1r/PktM/7W1tf////////////////////////////////////////////////////////////////8hJCj/ZL72/1Oezf9ra2v/////////////////////////////////////////////////////////////////SkpK/1Oi1f9Dhqz/lJSU/////////////////97e3v/39/f//////////////////////////////////////4yMjP9Lkrz/MmqM/+fn5////////////56Zl/+QQTD/bktF/8bHxv////////////////////////////////+cnJz/Q4a0/ylVa//Nzc3/kIyM/3dHPv/eXDn//2xC//9sQv+tTDH/hGRb/5eXl/+1tbX/3t7e////////////ra2t/0OGrP9LboT/lC8h/95UMf/3XDn//2xC//9sQv//bEL//2xC//dgOf/GRDH/czAh/5SUlP///////////97e3v9Afpj/X3mH/3ssGP/nUDH/91g5/7VMMf+cQCn/nDsp/61IKf/3WDH/71Ax/0oYEP/n5+f////////////39/f/GDhS/21vcv8wHxf/nDMh/5wzIf/eTDH//1Q5//9UOf/nTDH/pTch/4wrGP9EJh//////////////////jIyM/zFJWv9SLCn/zkQx//9UOf//VDn//1Q5//9UOf//VDn//1Q5//9UOf//VDn/pTMh/0w3Mf+xsLH//v7+/z4fF//GQCn/xkxC/71QSv+cREL/pURC/3swMf9rJBj/vUAp//9UOf//VDn//1Q5//9UOf//UDn/ShgQ/zAzMP/v7+//jIyM/2ZBN/+MKyH/70wx//9UOf//VDn/xkAp/85EMf//VDn//1Q5/95IMf97KBj/Nh8Y/4SGhP/n5+f/////////////////xsbG/1dVUv9wJx//xkAp//9QOf/GOyn/cyQY/1IzMP9zc3P/xsbG////////////////////////////////////////////5+fn/4SEhP82LCn/e3t7/97e3v//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchSite - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchSite\ tooltip=\gtbMultilineTooltip\ label=\Site doorzoeken\ fullText=\Site doorzoeken\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbSearchVideo - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchVideo\ tooltip=\gtbMultilineTooltip\ label=\Google Video\ fullText=\Google Video\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAghJREFUeNpsksFrE0EUxr83M7ubpkK0tLYB9VArUolHvfUgvXn3Ih79Q/wL/AMURNSrQs8eBEF67E3sIbSUpralIDQsscnOjO/NzCZd6ZKXmd2d7zff93bIe4/tr8f+sF/i90GJvKXRe7QAbQhyfdsaYH93iLVeBxtPu+HZqKzw4fUu3n/fJPr8tu/zQoUX5bDCYL+EQNcedKaQnR9n2Ps1xK3VeTx+cjM8G/+1+PJuD3p9+cWrG4sFslxBQNoonByOcHo0wlK3BaUJ3TvtAO//PMf5nzFu370W1t172AE9v//Ri7g9b1BfsngydijmNObaevr8ZDAK7hYWWxw1ujbLvdWwuxG7RHDWoc3iauK5XCiBTXgsVuL87ILHIb/juZEFznlMSACA57nc20rKwVq+ryu986kcuzFC1JyTYr/YIuJCFohYNqgh9j8Q+Bcd2CZActYCcVKJEx5d1QQpRdGBUhKfmoDaRTWDXAbJuoy/2hUA34hxGRJANkaSMxKaL52k8EVijBowbaaNO4Z+iAP+OnI25MTm0YFlQNxd/n0dw/mmi+REcou44DJZikDpE14JSBDvEGznRRRnWTpI7oLzKhfVwKwPLkIEJhGlYSIOtpMYrDVHfgvr158F0QwQR4mmpUxdKkSQzTS73j7+BBJhb+XlTJ2aQampYc4TcUFoXjsHb+ifAAMAoBeO3DWt6ZQAAAAASUVORK5CYII=\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbSearchWebhistory - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbSearchWebhistory\ tooltip=\gtbMultilineTooltip\ label=\Webgeschiedenis\ fullText=\Webgeschiedenis\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml\ tooltip=\gtbMultilineTooltip\ label=\Gmail\ fullText=\Gmail\ image=\data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg42v84ONr/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+np/n/ODja/zg42v84ONr/ODja/+Li////////////////////////////////////////////////////////4uL//zg42v84ONr/ODja/zg42v+np/n/4uL/////////////////////////////////////////////4uL//6en+f84ONr/ODja/zg42v84ONr/4uL//6en+f/i4v////////////+BgfL/gYHy////////////4uL//6en+f/i4v//ODja/zg42v84ONr/ODja///////i4v//p6f5/7a2//+BgfL/Wlrp/1pa6f+BgfL/trb//6en+f/i4v///////zg42v84ONr/ODja/zg42v///////////7a2//+BgfL/Wlrp/zg42v84ONr/Wlrp/4GB8v+2tv////////////84ONr/ODja/zg42v84ONr///////////+BgfL/Wlrp/zg42v+2tv//trb//zg42v9aWun/gYHy////////////ODja/zg42v84ONr/ODja//////+BgfL/Wlrp/zg42v+2tv////////////+2tv//ODja/1pa6f+BgfL//////zg42v84ONr/ODja/zg42v+BgfL/Wlrp/zg42v+2tv///////////////////////7a2//84ONr/Wlrp/4GB8v84ONr/ODja/zg42v84ONr/ODja/zg42v+2tv//////////////////////////////////trb//zg42v84ONr/ODja/zg42v84ONr/ODja/zg42v+BgfL/p6f5/6en+f+np/n/p6f5/6en+f+np/n/p6f5/6en+f+BgfL/ODja/zg42v84ONr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAA//8AAA==\ hassearch=\true\ type=\menu-button\ class=\gtb-custombutton gtbHelperIcon gtbButtonWithSeparateMenu\><menupopup class=\gtbButtonFeedMenupopup\/></toolbarbutton>

FF - user.js: google.toolbar.button_option.cached.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml\ tooltip=\gtbMultilineTooltip\ label=\Knoppenlijstj\ fullText=\Knoppenlijstj\ image=\data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAcNJREFUeNpsU7tOAzEQXF8uCgLCQ+IHkICa74ACISEaOh4SNeIXqGmgA0o+AAlqhBDiG6CkoQHEI+Tu/FhmbcdJjlia2+TsnZ0d7ykaWMzs49Y98XtFJHgDPiqmtw2lZE+FkM5ngwSyuf9IbMBje8B7B7QvuzyY3FtZ/UWB02UECpNGdM5JORq1Mq5tdAxR1waiArGSXBAwWxrVbi6P3QdmqfiLMz8m4DcSVVYkGGJraezslZ0uyOnSd+wfm3fg5lBJEoTkG8nfmugLZmitkV8iqfKJnsD/Bw6XVS5O29hrEVV0ogpjLCqbCI1WEJ0NYBdakGtyQsDBOFHRRWULyc5UHmz0MAl+90xNBCaqMJIoFaxI1yFGJDXOJTPz6aajT5A0ieGopR9fuS/bJ0NFA5XHc4eZQKU8o5lWHq6xON2jSSqprQqgosyWwSSPfgsZa5oGwUwrJDevjsPwyX0ure6kYXhZPwomeakmSDdBzcLtSZL+dH2u0hz07lQWromT07Fn55Jp/2Y5q8/3/ATTbG5pKjM01UBsMs2NNWhhtjV0DqppJOPiyjabtQOqj3jsWT3fXAyNsxo134Oe1Huuf85/AgwABNSAmdF/QsEAAAAASUVORK5CYII=\ type=\menu\ class=\gtb-custombutton gtbHelperIcon gtbWholeMenuGadgetButton\/>

FF - user.js: google.toolbar.button_option.cached.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - <toolbarbutton xmlns=\hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\ id=\gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml\ tooltip=\gtbMultilineTooltip\ label=\Google Earth\ fullText=\Google Earth\ image=\data:image/x-icon;base64,R0lGODlhEAAQAPfDAA40ViRReM7q/c7h8hA6XxM/ZjpUbDpVbgUrTB88VqSuuBJNgQw5YRVOgS+BwlNpfQ8yUhhJdRxMdgkvUqy7ytHd59Xe5Nfe5UZjfiZoojlad0FhfvD095umsSNln32SpU9meytzsCJzummCmCZmnUqp7CBWh7S+x6S+1RY8X3SJm0FedzqGxp2tupams2d5iRYzTRRYlD6V1i54uKSwuxw7V2F1hkRbb4merx5SgImaqU1tih08WV638vv7/Mzd66i1wZKjsiJAWwcpRwc3YwAkSDJijEODvG+ZvszU3AYqSqS1xNHo94Cqzm6p2hpFbDuX2yiByV1/nVN0kVOGsmOBmwYpSCJai2at41mv6nWv4B1ioSRnoqvM6O/y9dzs+dzi6DRcfjWS1xMzUCdqpVBpgCpyrypspn6QnxVQhg8zVF6HrIOVpTxbdx5RfWqJpqu8zC+CxCVkm/Hz9Qo0WSZWgRQ6Wyt5uziR05mxxz1cdx9dlTJzrk5pgDWFyh5Jb5Souc3b5vn6+3ms2TZXdFt3j4mZp0qBswErUFam4aazvoGmxdDb5GuBlR5vt4+hsGCUwiNglhI/aS9kk3mRpp650B1OelBofaexvPX4/JilsGeIpEVccFd+oZ2uvofM9hhBZR5VhxhQgqvA0tHZ36G91wsqR/z8/C9/wCZtrGyFmwsqRihspxE5XKne/TthgqOzwaa0waKywdDi8wkrSltugTVfhHqYtBdQhOfs70llfXKGl+34/pajryx2tT9ffS58vBIvSf///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAMMALAAAAAAQABAAAAj8AIcJFDjq1psqqoAMXDgMxZZUkEoFshBrhSKGSI4McuLH0Zk1jASpQDOwUpNMwoR90SIihhsKwnbREEhlFhNeKYV14bPgTxIfBoblOcQi0SdXAlL+mESE0JwTmDp5uCMjS48SWAYIqxAGkS5DNupEMhMHDxQxUWYs4pBLQxFanAKYIBECmANUvriksSWLVCMhN6ZEaLAnAysycq5YKkCnjY4HtQC92mREFK5QOSQ8AZVCjZVVCobtEOYFjpQAkhgQaAUAwphgAnF4SnnqwhJKhTD0OQCjw8ARsMBs+PWhRRA2lxK8YPhIjx0AExAoGWJKE8OBLsrwqAGiF8OAADs=\ hassearch=\true\ class=\gtb-custombutton gtbHelperIcon gtbSimpleCustomButton\/>

FF - user.js: google.toolbar.button_option.gtbAutoFill - true

FF - user.js: google.toolbar.button_option.gtbBookmarks - true

FF - user.js: google.toolbar.button_option.gtbSearchBookmarks - true

FF - user.js: google.toolbar.button_option.gtbSearchGoogle - true

FF - user.js: google.toolbar.button_option.gtbSidewiki - false

FF - user.js: google.toolbar.button_option.gtbSpellCheck - false

FF - user.js: google.toolbar.button_option.gtbTranslate - true

FF - user.js: google.toolbar.button_option.gtbTranslateMenu - false

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml - true

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml.feedUpdate - 1339045199

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml - true

FF - user.js: google.toolbar.button_option.gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml.feedUpdate - 1339054058

FF - user.js: google.toolbar.button_option.gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml - true

FF - user.js: google.toolbar.component.bundled.dictionaries_config.json - 7.1.20110512

FF - user.js: google.toolbar.component.bundled.share_providers.json - 7.1.20110512

FF - user.js: google.toolbar.component.bundled.suggest_window.html - 7.1.20110512

FF - user.js: google.toolbar.custombuttons.list - gtbSearchImages,gtbCountrySearch,gtbSearchLocal,gtbSearchSite,gtbSearchNews,gtbSearchVideo,gtbSearchWebhistory,gtbFeelingLucky,gtbSearchGroups,gtbSearchBlogs,gtbSearchBooks,gtbSearchCalendar,gtbSearchDocs,gtbSearchPhotos,gtbSearchScholar,gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml,gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml,gtbutoolbar-google-com_MXE8GT6B9RBHXCGLZ06L-xml

FF - user.js: google.toolbar.custombuttons.migrated - true

FF - user.js: google.toolbar.custombuttons.order.migrated.to.v6 - false

FF - user.js: google.toolbar.custombuttons.version - 1

FF - user.js: google.toolbar.done_page_shown - AU_3.1.20081010

FF - user.js: google.toolbar.enhanced_features.week - -1

FF - user.js: google.toolbar.firstrun.done - true

FF - user.js: google.toolbar.google_home - www.google.nl

FF - user.js: google.toolbar.google_home.default - www.google.nl

FF - user.js: google.toolbar.install_id - qeoEXlA1Y819UJ5vx9pOZH7VzwuiGy5koK1eMpyEoHPs

FF - user.js: google.toolbar.install_ping_acked - true

FF - user.js: google.toolbar.last_ping_attempt - 1338967666101

FF - user.js: google.toolbar.never_show_done_page - false

FF - user.js: google.toolbar.opted_into_advanced_features_1 - true

FF - user.js: google.toolbar.rlz - 1B3GGGL_nlNL247NL255

FF - user.js: google.toolbar.safebrowsing.keyupdatetime - 1339130996

FF - user.js: google.toolbar.search-icon - data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97h0f9JeBz/NHoA/z98Av9AfAD/PHsA/0F6AP8AAAAA/vz7/1+33/8Mp+z/FrHw/xWy8f8bs/T/Hqrx/3zE7v////7/t8qp/zF2A/87gwH/P4ID/z59AP8+egD/Q3kA/97s8v8botj/ELn3/wy58f8PtfL/D7Lw/xuz9P8vq+f/8/n///779v9KhR3/OYYA/0GFAv88hgD/QIAC/z17AP/0+/j/N6bM/wC07/8Cxf7/CsP7/wm+9v8Aqur/SrDb//7+/v///P7/VZEl/zSJAP87jQD/PYYA/0OBBf8+fQH///3//9Dp8/84sM7/CrDf/wC14/8CruL/KqnW/9ns8f/8/v//4OjX/z+GDf85kAD/PIwD/z2JAv8+hQD/PoEA/9C7pv/97uv////+/9Xw+v+w3ej/ls/e/+rz9///////+/z6/22mSf8qjQH/OJMA/zuQAP85iwL/PIgA/zyFAP+OSSL/nV44/7J+Vv/AkG7/7trP//7//f/9//7/6/Lr/2uoRv8tjQH/PJYA/zuTAP87kwD/PY8A/z2KAP89hAD/olkn/6RVHP+eSgj/mEgR//Ho3//+/v7/5Ozh/1GaJv8tlAD/OZcC/zuXAv84lAD/O5IC/z2PAf89iwL/OIkA/6hWFf+cTxD/pm9C/76ihP/8/v//+////8nav/8fdwL/NZsA/zeZAP83mgD/PJQB/zyUAf84jwD/PYsB/z6HAf+fXif/1r6s//79///58u//3r+g/+3i2v/+//3/mbiF/yyCAP87mgP/OpgD/zeWAP85lgD/OpEB/z+TAP9ChwH/7eHb/////v/28ej/tWwo/7tUAP+5XQ7/5M+5/////v+bsZn/IHAd/zeVAP89lgP/O5MA/zaJCf8tZTr/DyuK//3////9////0qmC/7lTAP/KZAT/vVgC/8iQWf/+//3///j//ygpx/8GGcL/ESax/xEgtv8FEMz/AALh/wAB1f///f7///z//758O//GXQL/yGYC/8RaAv/Ojlf/+/////////9QU93/BAD0/wAB//8DAP3/AAHz/wAA5f8DAtr///////v7+/+2bCT/yGMA/89mAP/BWQD/0q+D///+/////P7/Rkbg/wEA+f8AA/z/AQH5/wMA8P8AAev/AADf///7/P////7/uINQ/7lXAP/MYwL/vGIO//Lm3P/8/v//1dT2/woM5/8AAP3/AwH+/wAB/f8AAfb/BADs/wAC4P8AAAAA//z7/+LbzP+mXyD/oUwE/9Gshv/8//3/7/H5/zo/w/8AAdX/AgL6/wAA/f8CAP3/AAH2/wAA7v8AAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAA==

FF - user.js: google.toolbar.searchdomaincheck.done - true

FF - user.js: google.toolbar.spell_check.dictionary.words2 -

FF - user.js: google.toolbar.spell_check.lang - nl

FF - user.js: google.toolbar.spell_check.last_lang - nl

FF - user.js: google.toolbar.translate.target_lang - nl

FF - user.js: google.toolbar.translate.updateFlag - true

FF - user.js: google.toolbar.usage_stats.default - false

FF - user.js: intl.accept_languages - nl

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, ISO-8859-9, UTF-8, ISO-8859-15

FF - user.js: metrics.event-count - 0

FF - user.js: microsoft.CLR.auto_install - false

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.http.proxy.version - 1.0

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false

FF - user.js: pref.browser.homepage.disable_button.current_page - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: spellchecker.dictionary - nl

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1339166194

FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.62997

FF - user.js: urlclassifier.tableversion.goog-black-url - 1.25401

FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.493

FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-23 15:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CtrlVol = c:\program files\Launch Manager\CtrlVol.exe???????@?`??????w???w???????w???w;??w?r@????? ???????????????d???????????????????????4????????$?w???????????sI??s???s@????????????a?wx??st???????B-?s???????????????s???s?????n?w????Y??sL;??D??s??@??4@?X;?????????

LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????\??? ??|h??|????a??|Nj?w?j?w????????0??? ???????????????d??????|????????p????u@????????????????s???????s???sx??s@?????????????}|h??st??????????s?????????????????C?sc"?sx??s??????:~??@?N'?s?;???4@? ;?????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\k:\program files\everest\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-484882791-4059793202-3278696200-1007\Software\SecuROM\License information*]

"datasecu"=hex:02,bd,4e,ee,17,04,52,9b,f9,e0,34,2e,47,f2,ac,2b,be,74,fc,78,f1,

0f,68,25,1f,74,40,11,98,ab,a4,9b,a0,e2,aa,62,4b,e1,0d,6a,c8,ae,af,6e,45,70,\

"rkeysecu"=hex:67,68,7a,37,96,63,29,84,de,3d,d0,37,0e,0f,6d,63

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1516)

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Browser MOUSE\MOUDL32A.DLL

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\PRISMSTA.EXE

c:\progra~1\MI3AA1~1\rapimgr.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-23 15:32:23 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-23 13:32

ComboFix2.txt 2012-06-23 11:36

.

Pre-Run: 5.903.589.376 bytes beschikbaar

Post-Run: 5.891.608.576 bytes beschikbaar

.

- - End Of File - - C8FAFD7A9CCA32FEF51D0322B87D6F65

[kape]

En hoe staat het nu met de snelheid ?

[frank12444]

En hoe staat het nu met de snelheid ?

het gaat hardstikke goed! hij is weer supersnel, een enkele keer hapert hij nog, maar dat is meestal op vrij grote sites als meteotines en startpagina maar dat is ook wel het enigste, en als het zo blijft zijn we zeer tevreden!

nogmaals hardstikke bedankt voor uw supersnelle en profesionele hulp!

[kape]

Dat is al mooi ... maar er zit me nog iets dwars in je logje van Combofix. In het onderdeel "Bijkomende Scan" zit een massa code, die mij onbekend voorkomt en waarvan ik het nut niet inzie. Dat zou eventueel nog invloed kunnen hebben op de werking van de PC. Vermoedelijk gaat het hier om code voor Google Toolbar en andere extensies en plugins van Firefox. Nu zou ik die eigenlijk nog willen laten verwijderen van de PC, maar weet niet meteen wat er mogelijke gevolgen van kunnen zijn. Nog niet eerder voorgehad in dergelijke logjes. Schijnbaar zou dit een gevaarloze operatie moeten zijn, maar het is uiteraard jouw PC. De beslissing om deze "gok" te wagen, wil ik zelf niet nemen. Dat laat ik liever aan jou als eigenaar over. Wat denk je ... doen of niet ? Voor we de actie ondernemen kunnen we uiteraard eerst een herstelpunt instellen, zodat je - bij eventuele problemen - terug zou kunnen naar die situatie (al denk ik niet dat dit noodzakelijk gaat zijn, maar je weet maar nooit).

[clarkie]

Dag frank12444,

Het gaat blijkbaar terug goed met de snelheid, maar op de vraag in bericht 9 is nog geen antwoord gekomen.