Posts made by soufyenne
-
-
Hello, I recently bought a new laptop; here are the specifications:
Operating system name: Microsoft Windows 7 Home Premium 64bits
System manufacturer: Dell Inc.
Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz, 1730 MHz, 4 core(s), 8 logical
Installed physical memory (RAM): 4,00 GB
Display: 15 inch
Name: ATI Mobility Radeon HD 5650, RAM: 1,00 GB (1.073.741.824 bytes)
My screen resolution is set to 1366 x 768 x 60 Hz.
The problem is that when I install and play a game, my resolution only goes up to a maximum of 1042x768, and I don't know why this is. I have looked in the game's options, the drivers are up to date, and I have looked in the settings of the software supplied by ATI to change the display settings, but unfortunately nothing works, whereas these games did work on my desktop PC, and there I could also select other resolutions, including 1366x768, but that PC was running XP. I also looked on the internet to see whether these games cannot be played on Windows 7, and it says that they should normally work perfectly, so I really don't know what else I can do. Does anyone know anything, or has anyone had the same problem?
-
Much better, thanks. Can Microsoft recovery be removed now? And if so, how do you do that, and what is it for?
-
ComboFix 11-01-08.04 - user 07-01-2011 14:56:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.493 [GMT 1:00]
Gestart vanuit: d:\documents and settings\user\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documents and settings\user\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"d:\windows\system32\drivers\hitmanpro35.sys"
"d:\windows\system32\tmp08DCA.FOT"
"d:\windows\system32\tmp2D5F2.FOT"
"d:\windows\system32\tmp705F2.FOT"
"d:\windows\system32\tmpA7ECA.FOT"
"d:\windows\system32\tmpFC3F2.FOT"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\drivers\hitmanpro35.sys
d:\windows\system32\ps2.bat
d:\windows\system32\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_qlnlijy
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-07 to 2011-01-07 ))))))))))))))))))))))))))))))
.
2011-01-06 16:25 . 2011-01-07 13:51 -------- d--h--r- d:\documents and settings\user\Onlangs geopend
2011-01-05 14:57 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B1D701EB-2903-4A90-8007-360AB0B2AA4D}\mpengine.dll
2011-01-04 14:49 . 2011-01-04 14:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-04 14:49 . 2011-01-06 17:23 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-01-03 16:20 . 2011-01-03 16:20 1409 ----a-w- d:\windows\system32\tmpA7ECA.FOT
2011-01-03 16:20 . 2011-01-03 16:20 1409 ----a-w- d:\windows\system32\tmp08DCA.FOT
2011-01-03 16:15 . 2000-01-05 14:19 86016 ----a-w- d:\windows\unvise32qt.exe
2011-01-03 14:30 . 2011-01-03 14:30 388096 ----a-r- d:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 14:30 . 2011-01-03 14:30 -------- d-----w- d:\program files\Trend Micro
2011-01-03 13:16 . 2011-01-03 13:26 -------- d-----w- d:\program files\TweakNow RegCleaner
2011-01-03 13:16 . 2011-01-03 13:26 -------- d-----w- d:\documents and settings\user\Application Data\TweakNow RegCleaner
2011-01-02 22:44 . 2011-01-02 22:44 -------- d--h--r- d:\documents and settings\Gast.COMPUTER\Onlangs geopend
2011-01-01 16:02 . 2011-01-01 16:02 -------- d-----w- d:\documents and settings\user\Application Data\dvdcss
2010-12-27 17:26 . 2010-12-27 17:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Ashampoo
2010-12-23 22:54 . 2010-12-23 22:54 -------- d-----w- d:\program files\Microsoft Silverlight
2010-12-23 18:48 . 2010-12-23 18:48 -------- d-----w- D:\Programmabestanden
2010-12-17 22:43 . 2010-12-17 22:43 -------- d-----w- d:\documents and settings\user\Local Settings\Application Data\Microsoft_Corporation
2010-12-17 22:34 . 2010-12-17 22:34 -------- d-----w- d:\windows\system32\winrm
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- d:\documents and settings\user\Application Data\BSD
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- d:\documents and settings\All Users\Application Data\BSD
2010-12-17 22:07 . 2010-12-08 23:42 2226176 ----a-w- d:\windows\bsdsetup.dll
2010-12-13 22:10 . 2010-12-16 15:32 -------- d-----w- d:\program files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 18:36 . 2009-03-16 20:31 73728 ----a-w- d:\windows\ALCFDRTM.VER
2010-11-29 20:11 . 2010-02-19 20:32 189480 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-29 20:03 . 2009-03-11 13:35 137544 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-11-29 20:03 . 2009-03-11 13:34 189480 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-29 19:37 . 2010-11-29 19:36 138056 ----a-w- d:\documents and settings\user\Application Data\PnkBstrK.sys
2010-11-29 19:36 . 2009-03-11 13:34 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-11-29 17:36 . 2010-11-29 19:35 3360624 ----a-w- d:\windows\system32\pbsvc.exe
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmpFC3F2.FOT
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmp705F2.FOT
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmp2D5F2.FOT
2010-11-18 18:15 . 2009-03-08 14:20 86016 ----a-w- d:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-10-11 16:47 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2009-03-14 22:43 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-11-10 04:33 . 2010-11-14 16:28 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:23 . 2008-05-05 20:32 916480 ----a-w- d:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-05 20:32 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-05 20:32 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-11-05 15:54 . 2009-03-10 21:07 499712 ----a-w- d:\windows\system32\msvcp71.dll
2010-11-05 15:54 . 2009-03-10 21:07 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-11-03 12:27 . 2008-05-05 20:32 385024 ----a-w- d:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- d:\windows\system32\drivers\ndproxy.sys
2010-10-30 15:46 . 2010-10-29 20:59 536666 ----a-w- d:\documents and settings\All Users\Application Data\bdinstall.bin
2010-10-28 13:09 . 2008-04-14 20:30 290048 ----a-w- d:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2008-04-14 20:05 1853440 ----a-w- d:\windows\system32\win32k.sys
2010-10-19 09:41 . 2009-10-02 16:01 222080 ------w- d:\windows\system32\MpSigStub.exe
2010-10-15 18:06 . 2010-05-06 16:30 165232 -c-ha-w- d:\documents and settings\user\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
------- Sigcheck -------
[-] 2008-05-05 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-06_18.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 14:06 . 2011-01-07 14:06 16384 d:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2011-01-06 18:59 . 2010-11-12 17:53 157472 d:\windows\system32\javaws.exe
+ 2011-01-06 18:59 . 2010-11-12 17:53 145184 d:\windows\system32\javaw.exe
- 2010-10-13 12:10 . 2010-09-15 02:50 145184 d:\windows\system32\javaw.exe
+ 2011-01-06 18:59 . 2010-11-12 17:53 145184 d:\windows\system32\java.exe
- 2010-10-13 12:10 . 2010-09-15 02:50 145184 d:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="d:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-26 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 2805248]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1758a091a618\0d:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0d:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- d:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"s7oiehsx"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\EPLAN\\Education\\1.9.10\\BIN\\W3u.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"d:\\Program Files\\Steam\\steamapps\\soufyenne_elb\\counter-strike\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\soufyenne_elb\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\youssefel\\counter-strike\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\youssefel\\condition zero\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59113:TCP"= 59113:TCP:Pando Media Booster
"59113:UDP"= 59113:UDP:Pando Media Booster
"23849:TCP"= 23849:TCP:@xpsp2res.dll,-22009
"50578:TCP"= 50578:TCP:@xpsp2res.dll,-22009
"57874:TCP"= 57874:TCP:Pando Media Booster
"57874:UDP"= 57874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:Windows Remote Management
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [14-11-2010 0:04 165584]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [14-11-2010 0:04 17744]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
R3 ndisrd;WinpkFilter Service;d:\windows\system32\drivers\ndisrd.sys [18-7-2010 21:19 20480]
S2 gupdate;Google Updateservice (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [12-5-2010 15:38 136176]
S2 oiwqmhqq;Microsoft USB Universal Host Controller Miniport Monitor;d:\windows\System32\svchost.exe -k netsvcs [14-4-2008 21:33 14336]
S3 AVFSFilter;AVFSFilter;d:\windows\system32\DRIVERS\avfsfilter.sys --> d:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [24-4-2010 19:12 36608]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [14-4-2008 21:33 14336]
S4 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [7-7-2004 12:17 200769]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oiwqmhqq
.
Inhoud van de 'Gedeelde Taken' map
2011-01-07 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:38]
2011-01-07 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:38]
2011-01-07 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-Hardlock Device Drivers - d:\windows\system32\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-07 15:06
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
d:\windows\TEMP\TMP0000000A1CA95DABE1F16595 524288 bytes
Scan succesvol afgerond
verborgen bestanden: 1
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-606747145-1580436667-1606980848-1004\Software\SecuROM\License information*]
"datasecu"=hex:86,f2,6b,b0,5a,6e,be,3d,52,dd,c1,0f,d6,38,3c,a9,1c,74,20,04,8c,
3c,62,78,fe,3d,9a,61,1a,8c,36,7f,0e,56,b2,48,c8,48,f2,35,80,7f,54,00,0f,de,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(560)
d:\windows\system32\nview.dll
d:\windows\system32\NVWRSNL.DLL
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\msi.dll
d:\windows\system32\nvwddi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\program files\Alwil Software\Avast5\AvastSvc.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\windows\SOUNDMAN.EXE
d:\windows\ALCWZRD.EXE
d:\windows\system32\rundll32.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-01-07 15:12:47 - machine werd herstart
ComboFix-quarantined-files.txt 2011-01-07 14:12
ComboFix2.txt 2011-01-06 18:09
Pre-Run: 153.637.834.752 bytes beschikbaar
Post-Run: 153.586.126.848 bytes beschikbaar
- - End Of File - - 1371C0192E3FDA757123EC70A0BD51E7
hijacklog:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:16:06, on 7-1-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - D:\WINDOWS\AUTOLO~1\AL2DLL.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7888 bytes
-
ComboFix 11-01-07.02 - user 06-01-2011 18:55:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.556 [GMT 1:00]
Gestart vanuit: d:\documents and settings\user\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
d:\documents and settings\user\.COMMgr
d:\documents and settings\user\Application Data\Desktopicon
d:\documents and settings\user\Application Data\Desktopicon\config.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-06 to 2011-01-06 ))))))))))))))))))))))))))))))
.
2011-01-06 16:25 . 2011-01-06 16:25 -------- d--h--r- d:\documents and settings\user\Onlangs geopend
2011-01-05 14:57 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B1D701EB-2903-4A90-8007-360AB0B2AA4D}\mpengine.dll
2011-01-04 14:49 . 2011-01-04 14:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-04 14:49 . 2011-01-06 17:23 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-01-03 16:20 . 2011-01-03 16:20 1409 ----a-w- d:\windows\system32\tmpA7ECA.FOT
2011-01-03 16:20 . 2011-01-03 16:20 1409 ----a-w- d:\windows\system32\tmp08DCA.FOT
2011-01-03 16:15 . 2000-01-05 14:19 86016 ----a-w- d:\windows\unvise32qt.exe
2011-01-03 14:30 . 2011-01-03 14:30 388096 ----a-r- d:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 14:30 . 2011-01-03 14:30 -------- d-----w- d:\program files\Trend Micro
2011-01-03 13:16 . 2011-01-03 13:26 -------- d-----w- d:\program files\TweakNow RegCleaner
2011-01-03 13:16 . 2011-01-03 13:26 -------- d-----w- d:\documents and settings\user\Application Data\TweakNow RegCleaner
2011-01-02 22:44 . 2011-01-02 22:44 -------- d--h--r- d:\documents and settings\Gast.COMPUTER\Onlangs geopend
2011-01-01 16:02 . 2011-01-01 16:02 -------- d-----w- d:\documents and settings\user\Application Data\dvdcss
2010-12-27 17:26 . 2010-12-27 17:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Ashampoo
2010-12-23 22:54 . 2010-12-23 22:54 -------- d-----w- d:\program files\Microsoft Silverlight
2010-12-23 18:48 . 2010-12-23 18:48 -------- d-----w- D:\Programmabestanden
2010-12-17 22:43 . 2010-12-17 22:43 -------- d-----w- d:\documents and settings\user\Local Settings\Application Data\Microsoft_Corporation
2010-12-17 22:34 . 2010-12-17 22:34 -------- d-----w- d:\windows\system32\winrm
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- d:\documents and settings\user\Application Data\BSD
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- d:\documents and settings\All Users\Application Data\BSD
2010-12-17 22:07 . 2010-12-08 23:42 2226176 ----a-w- d:\windows\bsdsetup.dll
2010-12-13 22:10 . 2010-12-16 15:32 -------- d-----w- d:\program files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 18:15 . 2010-09-05 11:55 16968 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 18:36 . 2009-03-16 20:31 73728 ----a-w- d:\windows\ALCFDRTM.VER
2010-11-29 20:11 . 2010-02-19 20:32 189480 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-29 20:03 . 2009-03-11 13:35 137544 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-11-29 20:03 . 2009-03-11 13:34 189480 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-29 19:37 . 2010-11-29 19:36 138056 ----a-w- d:\documents and settings\user\Application Data\PnkBstrK.sys
2010-11-29 19:36 . 2009-03-11 13:34 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-11-29 17:36 . 2010-11-29 19:35 3360624 ----a-w- d:\windows\system32\pbsvc.exe
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmpFC3F2.FOT
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmp705F2.FOT
2010-11-21 17:08 . 2010-11-21 17:08 1409 ----a-w- d:\windows\system32\tmp2D5F2.FOT
2010-11-18 18:15 . 2009-03-08 14:20 86016 ----a-w- d:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-11-14 16:28 6273872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:23 . 2008-05-05 20:32 916480 ----a-w- d:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-05 20:32 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-05 20:32 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-11-05 15:54 . 2009-03-10 21:07 499712 ----a-w- d:\windows\system32\msvcp71.dll
2010-11-05 15:54 . 2009-03-10 21:07 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-11-03 12:27 . 2008-05-05 20:32 385024 ----a-w- d:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 22:27 40960 ----a-w- d:\windows\system32\drivers\ndproxy.sys
2010-10-30 15:46 . 2010-10-29 20:59 536666 ----a-w- d:\documents and settings\All Users\Application Data\bdinstall.bin
2010-10-28 13:09 . 2008-04-14 20:30 290048 ----a-w- d:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2008-04-14 20:05 1853440 ----a-w- d:\windows\system32\win32k.sys
2010-10-19 09:41 . 2009-10-02 16:01 222080 ------w- d:\windows\system32\MpSigStub.exe
2010-10-15 18:06 . 2010-05-06 16:30 165232 -c-ha-w- d:\documents and settings\user\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
------- Sigcheck -------
[-] 2008-05-05 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="d:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-26 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 2805248]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1758a091a618\0d:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0d:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- d:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"s7oiehsx"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\EPLAN\\Education\\1.9.10\\BIN\\W3u.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"d:\\Program Files\\Steam\\steamapps\\soufyenne_elb\\counter-strike\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\soufyenne_elb\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\youssefel\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\youssefel\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59113:TCP"= 59113:TCP:Pando Media Booster
"59113:UDP"= 59113:UDP:Pando Media Booster
"23849:TCP"= 23849:TCP:@xpsp2res.dll,-22009
"50578:TCP"= 50578:TCP:@xpsp2res.dll,-22009
"57874:TCP"= 57874:TCP:Pando Media Booster
"57874:UDP"= 57874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:Windows Remote Management
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [14-11-2010 0:04 165584]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [14-11-2010 0:04 17744]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
R3 ndisrd;WinpkFilter Service;d:\windows\system32\drivers\ndisrd.sys [18-7-2010 21:19 20480]
S0 qlnlijy;qlnlijy; [x]
S2 gupdate;Google Updateservice (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [12-5-2010 15:38 136176]
S2 oiwqmhqq;Microsoft USB Universal Host Controller Miniport Monitor;d:\windows\System32\svchost.exe -k netsvcs [14-4-2008 21:33 14336]
S3 AVFSFilter;AVFSFilter;d:\windows\system32\DRIVERS\avfsfilter.sys --> d:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [24-4-2010 19:12 36608]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [14-4-2008 21:33 14336]
S4 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [7-7-2004 12:17 200769]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oiwqmhqq
.
Inhoud van de 'Gedeelde Taken' map
2011-01-06 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:38]
2011-01-06 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 14:38]
2011-01-06 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-06 19:05
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-606747145-1580436667-1606980848-1004\Software\SecuROM\License information*]
"datasecu"=hex:86,f2,6b,b0,5a,6e,be,3d,52,dd,c1,0f,d6,38,3c,a9,1c,74,20,04,8c,
3c,62,78,fe,3d,9a,61,1a,8c,36,7f,0e,56,b2,48,c8,48,f2,35,80,7f,54,00,0f,de,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2011-01-06 19:09:24
ComboFix-quarantined-files.txt 2011-01-06 18:09
Pre-Run: 153.689.346.048 bytes beschikbaar
Post-Run: 153.739.325.440 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 13B9A62A6931201C204260E0B93071C7
Can I remove ComboFix now?
-
My PC is already a bit faster, but it is actually still a little too slow. It is better than before, but it has not really got its old speed back. I think that probably won't be possible until I have the PC formatted? Thanks anyway for your time.
-
Do I really have to remove this one? Isn't this an important process?
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
This is the new log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:59, on 4-1-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\WINDOWS\ALCMTR.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - D:\WINDOWS\AUTOLO~1\AL2DLL.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 8489 bytes
This is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
Databaseversie: 5470
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4-1-2011 15:58:45
mbam-log-2011-01-04 (15-58-45).txt
Scantype: Snelle scan
Objecten gescand: 154286
Verstreken tijd: 7 minuut/minuten, 29 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 3
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
d:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
d:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
d:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
d:\documents and settings\user\application data\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
d:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
d:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
d:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-
This is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:30, on 3-1-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\WINDOWS\ALCMTR.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Steam\steam.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {3DE17B15-0AFF-4397-B581-28B674706F3B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - D:\WINDOWS\AUTOLO~1\AL2DLL.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 9038 bytes
Thanks in advance.
-
My PC is very slow and often freezes too, and I don't know why. I had avast scan it and it finds nothing. I also used CCleaner to clean the registry and remove unnecessary files, but the PC stays slow. I have tried all kinds of "PC slow fighter" programs and anti-spyware programs, but none of them gives a result. I also have another question, though it is not really important: when I start my PC it first starts in standby mode (or something like that), and only when I hold down a key on the keyboard does it start up. This has only been the case since I bought and installed a new wireless mouse and keyboard; does it have something to do with that? I was thinking of just taking it to someone who knows about this and having it formatted, but a friend recommended this to me first.
Problems with game resolution
in Archive Other software
Posted:
I think it is down to the game itself, that it maybe doesn't support Windows 7 properly. I bought a more recent game, GTA 4, and it now works perfectly and the resolution is good too, so it must be down to the game itself.