
[SOLVED] Printer problem Excel


bergj23


I am running Vista and have installed a Canon printer, which works with nearly all programs; only with Excel and Acrobat Reader do I get the message that no printer is installed. Reinstalling it has no effect either.

Previously everything did work. I received an e-card.exe (virus?), after which the problems started. Reinstalling Office 2003 had no effect either.


This is needed.

Download

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Double-click HJTInstall.exe

Click "Do a systemscan and save a logfile".

Attach that log to your next post here.

On Vista you must first right-click HijackThis and choose Run as administrator.

What do you mean by "Attach that log to your next post here."?


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:47:36, on 5-8-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

G:\Software\Office12\GrooveMonitor.exe

C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe

C:\Program Files\Norton Save and Restore\Agent\VProTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Netpresenter\NetPlay.exe

G:\Software\Office12\ONENOTEM.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Software\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Software\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe

O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Netpresenter Player.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\Software\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Software\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Software\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0DB82A48-E0A0-4439-89E2-354E2031DF19}: NameServer = 195.121.1.34,195.121.1.66

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Software\Office12\GrooveSystemServices.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 11225 bytes


This log looks fine. To be on the safe side (and to be able to rule out all malware), we'll take a somewhat deeper look:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.


Here is the result:

ComboFix 09-08-04.04 - Hans 06-08-2009 8:49.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.869 [GMT 2:00]

Gestart vanuit: c:\users\Hans\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Hans\AppData\Local\Temp\ppcrlui_4980_2

c:\windows\Installer\8a6ad0.msi

c:\windows\Installer\af846.msi

c:\windows\system32\autorun.ini

P:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-06 to 2009-08-06 ))))))))))))))))))))))))))))))

.

2009-08-06 06:57 . 2009-08-06 06:57 -------- d-----w- c:\users\Hans\AppData\Local\temp

2009-08-06 06:57 . 2009-08-06 06:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-05 13:55 . 2009-08-05 13:55 -------- d-----w- c:\windows\system32\ca-ES

2009-08-05 13:55 . 2009-08-05 13:55 -------- d-----w- c:\windows\system32\eu-ES

2009-08-05 13:55 . 2009-08-05 13:55 -------- d-----w- c:\windows\system32\vi-VN

2009-08-05 10:42 . 2009-08-05 10:42 -------- d-----w- c:\windows\system32\EventProviders

2009-08-05 10:39 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2009-08-05 10:39 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll

2009-08-05 10:37 . 2009-04-11 06:33 926184 ----a-w- c:\windows\system32\winresume.exe

2009-08-05 10:36 . 2009-04-11 06:28 33280 ----a-w- c:\windows\system32\wscapi.dll

2009-08-05 10:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2009-08-05 10:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2009-08-05 10:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2009-08-05 10:34 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2009-08-03 12:22 . 2009-08-03 14:01 -------- d-----w- c:\program files\NOS

2009-08-03 10:16 . 2004-01-14 01:10 163840 ----a-w- c:\windows\BJPSUNST.EXE

2009-08-03 10:15 . 2009-08-03 10:15 -------- d-sh--w- c:\windows\system32\%APPDATA%

2009-08-03 10:05 . 2004-04-23 05:00 7680 ----a-w- c:\windows\system32\CNMVS64.DLL

2009-08-03 10:05 . 2004-04-23 05:00 116736 ----a-w- c:\windows\system32\CNMLM64.DLL

2009-08-03 10:04 . 2004-03-11 16:06 86016 ----a-r- c:\windows\system32\CNMCP64.exe

2009-07-31 19:42 . 2009-07-31 19:42 -------- d-----w- c:\program files\CanonBJ

2009-07-31 18:31 . 2009-07-31 18:31 -------- d--h--w- C:\BJPrinter

2009-07-31 15:53 . 2009-07-31 15:53 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2009-07-26 09:32 . 2009-07-26 09:32 -------- d-sh--w- c:\users\Hans\%APPDATA%

2009-07-24 06:25 . 2009-07-24 16:55 -------- d-sh--w- c:\users\Hans\AppData\Roaming\lowsec

2009-07-15 09:23 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys

2009-07-15 09:23 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys

2009-07-15 09:23 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys

2009-07-15 09:10 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-15 09:10 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-07-15 09:10 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-15 09:10 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-15 09:10 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-07-15 09:10 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-06 06:46 . 2006-11-02 16:11 714616 ----a-w- c:\windows\system32\perfh013.dat

2009-08-06 06:46 . 2006-11-02 16:11 148342 ----a-w- c:\windows\system32\perfc013.dat

2009-08-05 21:47 . 2007-12-24 18:27 12 ----a-w- c:\windows\bthservsdp.dat

2009-08-05 19:45 . 2008-02-14 09:37 -------- d-----w- c:\program files\Java

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-08-05 13:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-08-05 13:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-08-05 13:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-08-05 12:53 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont

2009-08-05 11:22 . 2008-06-02 07:44 -------- d-----w- c:\program files\Trend Micro

2009-08-05 10:01 . 2009-05-22 17:21 1109 ----a-w- c:\users\Hans\AppData\Roaming\Genie-Soft\GBMLite8Lacie\Jobs\Bestanden\00000000\maindata.sys

2009-08-03 14:03 . 2007-12-21 20:27 130824 ----a-w- c:\users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-03 12:25 . 2008-02-13 08:42 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-01 19:13 . 2008-03-20 14:53 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-01 06:47 . 2008-01-19 17:17 -------- d-----w- c:\program files\Davilex

2009-08-01 06:47 . 2009-07-03 06:59 -------- d-----w- c:\program files\CCleaner

2009-07-31 20:18 . 2009-01-05 11:34 -------- d-----w- c:\users\Hans\AppData\Roaming\Belastingdienst

2009-07-31 17:02 . 2007-12-25 18:32 -------- d-----w- c:\program files\Canon

2009-07-29 06:34 . 2007-12-25 18:30 -------- d-----w- c:\program files\Common Files\Canon

2009-07-25 03:23 . 2008-12-27 14:30 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-24 10:02 . 2009-05-22 16:39 1109 ----a-w- c:\users\Hans\AppData\Roaming\Genie-Soft\GBMLite8Lacie\Jobs\Standaard\00000000\maindata.sys

2009-07-21 21:52 . 2009-08-01 07:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-08-01 07:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-08-01 07:00 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-08-01 07:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-06 11:36 . 2007-12-25 18:44 -------- d-----w- c:\users\Hans\AppData\Roaming\ZoomBrowser EX

2009-07-06 11:36 . 2009-05-11 19:34 -------- d-----w- c:\users\Hans\AppData\Roaming\CameraWindowDC

2009-07-01 10:23 . 2007-07-11 05:59 -------- d-----w- c:\program files\Microsoft Works

2009-05-22 09:31 . 2007-12-28 18:16 1109 ----a-w- c:\users\Hans\AppData\Roaming\Genie-Soft\GBMPro8\Jobs\Standaard wekelijks\00000000\maindata.sys

2009-05-20 10:30 . 2007-12-29 09:51 1109 ----a-w- c:\users\Hans\AppData\Roaming\Genie-Soft\GBMPro8\Jobs\Bestanden\00000000\maindata.sys

2006-07-25 10:56 . 2008-10-14 20:11 485 ----a-r- c:\program files\register.reg

2005-10-18 10:26 . 2008-10-14 20:01 1469528 ------w- c:\program files\MapSource_Lang.dll

2005-09-28 13:01 . 2008-10-14 20:01 44734 ---h--w- c:\program files\MapSource.GID

2005-08-11 11:51 . 2008-10-14 20:01 3620864 ------w- c:\program files\UnlockWizard.exe

2005-08-11 11:32 . 2008-10-14 20:01 663552 ------w- c:\program files\UnlockWizard_Lang.dll

2005-07-27 04:54 . 2008-10-14 20:01 11558 ------w- c:\program files\LICENSE

2005-07-27 04:54 . 2008-10-14 20:01 100 ------w- c:\program files\NOTICE

2004-11-02 11:15 . 2008-10-14 20:01 122880 ------r- c:\program files\CondMgr.dll

2001-01-29 18:37 . 2008-10-14 20:01 0 ------w- c:\program files\MapSource.FTS

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-03 232184]

"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2007-01-22 109304]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-30 995528]

"GrooveMonitor"="g:\software\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]

"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 2037088]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-5 421888]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-11 535336]

Netpresenter Player.lnk - c:\windows\Installer\{416FE982-1ABE-431C-881D-2E34EBAB5836}\Icon98829F5E.exe [2008-11-13 115200]

c:\users\Hans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - g:\software\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):09,92,ef,31,d5,15,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D614CFEC-0147-4106-93AD-0DC25080660B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E6A9108F-A5ED-4CF8-B9AB-722E6A36B18C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6FF25C91-E45D-46AF-972B-2017F35BED39}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{9F89A648-A1D7-4963-AA40-7524308DCC0D}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{EF181FE3-2F0D-40E0-A3E9-7869CBEF9BEF}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{55DEB7D3-1DAC-43B7-B9F9-2DECD448687E}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{89F7EF6C-FEAC-46F0-BF1A-A15E8E1D8057}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{E7DCAC40-1DE8-47DC-B85D-94AA2FDF4F31}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{13BC733B-B303-46A2-85EE-4242C4B67143}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{E11BCC4D-8569-4834-9B40-99A28C8B761D}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{0859C125-57A6-4BDF-AC0F-3754398D0C28}"= TCP:6004|g:\software\Office12\outlook.exe:Microsoft Office Outlook

"{1873DC67-ECC3-48A1-958C-C5DC900E2687}"= UDP:g:\software\Office12\GROOVE.EXE:Microsoft Office Groove

"{F870E9E8-E2C6-4652-A7CE-F83FB82BB7ED}"= TCP:g:\software\Office12\GROOVE.EXE:Microsoft Office Groove

"{422B3659-9A5C-4B5E-A5DF-B97F5341138C}"= UDP:g:\software\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{B15216B6-37F8-47DC-BE65-D39AEB59DBF5}"= TCP:g:\software\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6DB38258-6EBD-4747-BA30-9B73EF22AF7D}"= UDP:g:\mailstore home\MailStoreLocal.exe:MailStore Home

"{0896D716-7057-4EEA-AD7A-8F7448A1C104}"= TCP:g:\mailstore home\MailStoreLocal.exe:MailStore Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DisabledInterfaces"= {9163A3BC-2D53-47A8-9938-B17091534DB9}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption

"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [30-10-2008 19:23 145424]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [11-7-2007 8:30 269448]

R2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [28-3-2007 20:42 3425632]

R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [15-7-2009 11:23 36368]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [30-10-2008 19:23 256528]

R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\System32\drivers\WMP54Gv41x86.sys [12-3-2007 11:00 286208]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [11-7-2007 16:12 46592]

S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [30-10-2008 19:23 50192]

S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [30-10-2008 19:33 497008]

S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [30-10-2008 19:33 677128]

S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [11-7-2007 16:12 454520]

S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [23-12-2007 20:25 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-08-05 c:\windows\Tasks\GBM - Bestanden-Volledig.job

- c:\program files\LaCie\Genie Backup Assistant\GBM8.exe [2009-05-22 02:21]

2009-08-03 c:\windows\Tasks\GBM - Foto's-Volledig.job

- c:\program files\LaCie\Genie Backup Assistant\GBM8.exe [2009-05-22 02:21]

2009-08-02 c:\windows\Tasks\GBM - Standaard-Volledig.job

- c:\program files\LaCie\Genie Backup Assistant\GBM8.exe [2009-05-22 02:21]

2009-08-06 c:\windows\Tasks\User_Feed_Synchronization-{06CF9D4E-86C3-4C68-84CA-34760E599F09}.job

- c:\windows\system32\msfeedssync.exe [2009-08-01 20:13]

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

mStart Page = hxxp://nl.intl.acer.yahoo.com

IE: E&xport to Microsoft Excel - g:\software\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {0DB82A48-E0A0-4439-89E2-354E2031DF19} = 195.121.1.34,195.121.1.66

FF - ProfilePath - c:\users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\fd6fi583.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?sourceid=navclient-ff&ie=UTF-8&rlz=1B2GGFB_nlNL254&hl=nl&refresh=1|iGoogle

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-06 08:57

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\TEMP\TMP0000007C3E72AF5CDFA85CBB 524288 bytes executable

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2009-08-06 9:01

ComboFix-quarantined-files.txt 2009-08-06 07:01

Pre-Run: 89.856.671.744 bytes beschikbaar

Post-Run: 90.600.685.568 bytes beschikbaar

327 --- E O F --- 2009-08-05 12:56
