Posts made by geertje1983
-
-
In fact, nothing has improved yet. If anything, it has actually gotten worse.
Before I play WoW, I first want to start Curse to update my addons, but it now takes an incredibly long time for Curse to start up.
So what now?
-
ComboFix 11-04-23.01 - geertje 23-04-2011 23:34:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.2069 [GMT 2:00]
Gestart vanuit: c:\users\geertje\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll
c:\programdata\PCDr\5744\Downloads\26671a7e-758b-4293-8191-e6b81368d7ac.dll
c:\programdata\PCDr\5744\Downloads\2da1393a-9d2c-436b-a660-c3dd133e9836.dll
c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll
c:\programdata\PCDr\5744\Downloads\38db339b-86cf-40c4-86da-57495513b374.dll
c:\programdata\PCDr\5744\Downloads\3abc4f65-3752-4824-83cd-674c30d9f41c.dll
c:\programdata\PCDr\5744\Downloads\4128ef4c-5308-415e-947b-b523a115be2d.dll
c:\programdata\PCDr\5744\Downloads\48edbc2f-6595-43d2-a911-c3713e9b499f.dll
c:\programdata\PCDr\5744\Downloads\4b07fd4d-6cb2-4166-8e08-7e3d0fb96a24.dll
c:\programdata\PCDr\5744\Downloads\5f66a5f6-96e8-487a-b1da-d49f4e9f0813.dll
c:\programdata\PCDr\5744\Downloads\61963b16-da7a-4faf-ba6b-14eb102d0df8.dll
c:\programdata\PCDr\5744\Downloads\654e4133-96c6-421b-9240-26a29538de3f.dll
c:\programdata\PCDr\5744\Downloads\69bf7709-6da5-40eb-b648-3731ebda143c.dll
c:\programdata\PCDr\5744\Downloads\69df3b5e-bee6-4786-8070-a683635a81cd.dll
c:\programdata\PCDr\5744\Downloads\70b66070-48fe-4fad-ac33-5f17042d5ee7.dll
c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll
c:\programdata\PCDr\5744\Downloads\890823c6-b297-4c5e-8839-80468e0508dc.dll
c:\programdata\PCDr\5744\Downloads\920b4bdb-56cb-44d8-b977-2de6535367f0.dll
c:\programdata\PCDr\5744\Downloads\94c1bf6e-ecf1-4c5d-ad15-1b8540879958.dll
c:\programdata\PCDr\5744\Downloads\a12cd2ff-9e6d-4d89-a010-63188cb6a861.dll
c:\programdata\PCDr\5744\Downloads\a2f393bb-92a1-4fda-a382-66896efa06dd.dll
c:\programdata\PCDr\5744\Downloads\b0ad9f03-890a-4558-bcd7-38c10ea44def.dll
c:\programdata\PCDr\5744\Downloads\c6bcc260-2097-4f4f-a0c3-098183f01ac5.dll
c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll
c:\programdata\PCDr\5744\Downloads\db760e79-da96-4a2b-a687-8256c6e72fb6.dll
c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll
c:\programdata\PCDr\5744\Downloads\f6b10855-5837-4857-9c20-c7b6a6dc2589.dll
c:\windows\Fonts\Eurosymb.TTF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-23 to 2011-04-23 ))))))))))))))))))))))))))))))
.
.
2011-04-23 21:39 . 2011-04-23 21:39 -------- d-----w- c:\users\geertje\AppData\Local\temp
2011-04-23 11:07 . 2011-04-23 11:08 -------- d-----w- c:\users\geertje\AppData\Local\{3ED83FF4-E4DC-44F7-B38E-FC56DF7C9AD6}
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\users\geertje\AppData\Roaming\Malwarebytes
2011-04-22 22:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\programdata\Malwarebytes
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 22:01 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 12:10 . 2011-04-22 13:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-22 12:10 . 2011-04-22 12:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-22 11:56 . 2011-04-22 11:56 388096 ----a-r- c:\users\geertje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-22 11:56 . 2011-04-22 11:56 -------- d-----w- c:\program files\Trend Micro
2011-04-22 10:32 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC904EE1-B0AF-4D12-9B0B-3342D57F9B64}\mpengine.dll
2011-04-22 10:29 . 2011-04-22 10:30 -------- d-----w- c:\users\geertje\AppData\Local\{332469B8-CE34-49E4-BBE3-9FBBFFE51F11}
2011-04-21 22:11 . 2011-04-21 22:11 -------- d-----w- c:\users\geertje\AppData\Local\{0904F79F-A67B-4DDA-8C2A-AB05EB5F4A51}
2011-04-21 10:10 . 2011-04-21 10:11 -------- d-----w- c:\users\geertje\AppData\Local\{0FDB8381-B1CB-49F7-AF01-DB8594F690F2}
2011-04-20 16:37 . 2011-04-20 16:37 -------- d-----w- c:\users\geertje\AppData\Local\ElevatedDiagnostics
2011-04-20 16:36 . 2011-04-20 16:36 -------- d-----w- c:\program files\Microsoft ATS
2011-04-20 10:52 . 2011-04-20 10:52 -------- d-----w- c:\users\geertje\AppData\Roaming\Unity
2011-04-19 20:56 . 2011-04-19 20:57 -------- d-----w- c:\users\geertje\AppData\Local\{BC2B9717-7286-46E0-9381-05173635FCDB}
2011-04-19 19:21 . 2011-04-19 19:21 -------- d-----w- c:\users\geertje\AppData\Local\Unity
2011-04-19 08:40 . 2011-04-19 08:41 -------- d-----w- c:\users\geertje\AppData\Local\{35E25983-60D1-446D-843B-A4ACFA849A96}
2011-04-18 20:40 . 2011-04-18 20:40 -------- d-----w- c:\users\geertje\AppData\Local\{E5DCA1AF-4836-4CD1-804A-68E5EA0CB06B}
2011-04-18 08:39 . 2011-04-18 08:39 -------- d-----w- c:\users\geertje\AppData\Local\{35421345-D70F-4501-9A97-828EBAE710BB}
2011-04-17 07:46 . 2011-04-17 07:47 -------- d-----w- c:\users\geertje\AppData\Local\{3663E81A-E563-498B-A961-4318C99C7796}
2011-04-16 19:10 . 2011-04-16 19:10 -------- d-----w- c:\users\geertje\AppData\Local\{B2EECEB8-DAA0-4027-B45E-13939DAB6D24}
2011-04-15 23:27 . 2011-04-15 23:27 -------- d-----w- c:\users\geertje\AppData\Local\{8CDF2C7F-9B2D-4A5F-BFE9-37E924F76132}
2011-04-15 10:53 . 2011-04-15 10:53 -------- d-----w- c:\users\geertje\AppData\Local\{EFB2C5E3-1AF2-4DD2-921A-3107BC1B1C06}
2011-04-14 11:20 . 2011-04-14 11:20 -------- d-----w- c:\users\geertje\AppData\Local\{BACC3B7D-6D64-4CBD-8772-DE44522B4550}
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 11:38 . 2011-04-13 11:38 -------- d-----w- c:\users\geertje\AppData\Local\{85026AE4-BE84-4774-8E74-773388DAFBB1}
2011-04-12 22:51 . 2011-04-12 22:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-12 22:51 . 2011-04-13 12:23 -------- d-----w- c:\program files\Real
2011-04-12 11:21 . 2011-04-12 11:21 -------- d-----w- c:\users\geertje\AppData\Local\{E37394C7-A1DD-439A-9284-DB786A5853C2}
2011-04-12 11:03 . 2011-04-12 11:03 -------- d-----w- c:\users\geertje\AppData\Roaming\ScanToPDF_4
2011-04-12 10:29 . 2011-04-12 10:29 -------- d-----w- c:\program files\O Imaging Corporation
2011-04-11 23:21 . 2011-04-11 23:21 -------- d-----w- c:\users\geertje\AppData\Local\{9A81434D-25B2-479C-A441-31E49EA21737}
2011-04-11 10:52 . 2011-04-11 10:53 -------- d-----w- c:\users\geertje\AppData\Local\{76790B06-B4C4-4287-8F5B-1F714F16A7D4}
2011-04-10 10:22 . 2011-04-10 10:22 -------- d-----w- c:\users\geertje\AppData\Local\{4FC66EDD-513D-4A79-BFE8-CA22ADD42CF2}
2011-04-09 21:25 . 2011-04-10 20:04 -------- d-----w- c:\program files\Fiddler2
2011-04-09 20:43 . 2011-04-09 20:43 -------- d-----w- c:\users\geertje\AppData\Local\{064FB34E-87E4-43F9-9E4F-8E51ACC8DE1E}
2011-04-09 08:42 . 2011-04-09 08:42 -------- d-----w- c:\users\geertje\AppData\Local\{F6407CC1-BC60-438F-90F4-E3F8A5329402}
2011-04-08 11:21 . 2011-04-08 11:21 -------- d-----w- c:\users\geertje\AppData\Local\{980E8CAC-EB5B-4C13-A47D-25AEBD7D3CE4}
2011-04-07 08:53 . 2011-04-07 20:54 -------- d-----w- c:\users\geertje\AppData\Local\{0FD0BA6A-35C2-4B07-AEC1-DBA2EF82838C}
2011-04-06 12:31 . 2011-04-06 12:31 -------- d-----w- c:\users\geertje\AppData\Local\{233E8C5A-16FB-4A4B-B6EE-042881E63F6C}
2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\users\geertje\AppData\Roaming\Printer's Apprentice
2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\programdata\Printer's Apprentice
2011-04-05 19:21 . 2011-04-05 19:21 -------- d-----w- c:\users\geertje\AppData\Local\Caphyon
2011-04-05 18:38 . 2011-04-05 18:38 -------- d-----w- c:\users\geertje\AppData\Local\{1E479293-B171-4440-B33E-6E0E656231F0}
2011-04-05 18:35 . 2011-04-05 18:36 -------- d-----w- c:\program files\Windows Live
2011-03-27 14:55 . 2011-03-27 14:55 -------- d-----w- c:\programdata\Electronic Arts
2011-03-27 14:55 . 2011-03-27 14:55 -------- d-----w- c:\programdata\EA Core
2011-03-27 14:53 . 2010-11-23 01:09 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2011-03-27 14:53 . 2011-03-27 14:53 -------- d-----w- c:\program files\Microsoft WSE
2011-03-27 13:10 . 2011-03-27 13:10 -------- d-----w- c:\users\geertje\AppData\Roaming\NVIDIA
2011-03-25 14:22 . 2011-04-10 20:05 -------- d-----w- c:\users\geertje\AppData\Local\Conduit
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 22:51 . 2009-01-14 22:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-12 22:51 . 2009-01-14 22:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-05 18:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-19 10:49 . 2010-11-20 23:19 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-22 14:13 . 2011-03-23 09:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:29 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-12-23 12:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 18:03 . 2011-04-20 09:22 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-08-28 11:57 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/06 14:52];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-08-28 11:57 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-10 09:47]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]
.
2011-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
IE: E&xporteren naar Microsoft Excel
FF - ProfilePath - c:\users\geertje\AppData\Roaming\Mozilla\Firefox\Profiles\fikj3f8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp|Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{69D1A568-FFDF-4EF5-8919-7003582E0EE8} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-23 23:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-04-23 23:46:58
ComboFix-quarantined-files.txt 2011-04-23 21:46
.
Pre-Run: 141.495.980.032 bytes beschikbaar
Post-Run: 142.467.256.320 bytes beschikbaar
.
- - End Of File - - C093E6326AE0271DC2AC0ADCAF6DC321
-
Yes, the problems seem unchanged.
-
Malwarebytes' Anti-Malware 1.50.1.1100
Databaseversie: 6422
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
23-4-2011 0:13:43
mbam-log-2011-04-23 (00-13-43).txt
Scantype: Snelle scan
Objecten gescand: 155972
Verstreken tijd: 7 minuut/minuten, 49 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
---------- Post added at 00:29 ---------- Previous post was at 00:29 ----------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:27:39, on 23-4-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Aanmelden | Facebook
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 5327 bytes
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:03, on 22-4-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Aanmelden | Facebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 6143 bytes
-
Hi
I have a Dell XPS M1730. I have had it for 2 years now and it has become extremely slow.
I looked at the process manager, and what I notice is that when I have an internet browser open, my CPU is at 98% usage.
On top of that, when I play my game World of Warcraft, the fan kicks in continuously and my keyboard is still incredibly hot.
Help?
Thanks in advance, geertje
Dell laptop slow and warm
in Archief Windows Algemeen
Posted:
Okay, I had missed this part, so I have now done this step after all, and here is the log file:
---------- Post added at 01:15 ---------- Previous post was at 01:00 ----------
ComboFix 11-04-26.02 - geertje 27-04-2011 1:01.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.2039 [GMT 2:00]
Gestart vanuit: c:\users\geertje\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-26 to 2011-04-26 ))))))))))))))))))))))))))))))
.
.
2011-04-26 23:07 . 2011-04-26 23:07 -------- d-----w- c:\users\geertje\AppData\Local\temp
2011-04-26 23:07 . 2011-04-26 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 16:27 . 2011-04-26 16:28 -------- d-----w- c:\users\geertje\AppData\Local\{412DACDA-1BE3-4BA1-9E48-C6C7491EF800}
2011-04-25 20:52 . 2011-04-25 20:52 -------- d-----w- c:\users\geertje\AppData\Local\{4E60E316-DA45-40CC-81A4-7DA21589CBA1}
2011-04-25 08:51 . 2011-04-25 08:51 -------- d-----w- c:\users\geertje\AppData\Local\{301CA1F8-A5DE-4F6C-A06A-E498ABCE9F57}
2011-04-24 12:08 . 2011-04-24 12:09 -------- d-----w- c:\users\geertje\AppData\Local\{88D39B5A-E349-43C1-B5C9-65AB7D9E4B73}
2011-04-23 21:58 . 2011-04-23 21:58 -------- d-----w- c:\windows\Sun
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\users\geertje\AppData\Roaming\Malwarebytes
2011-04-22 22:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\programdata\Malwarebytes
2011-04-22 22:01 . 2011-04-22 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 22:01 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 12:10 . 2011-04-22 13:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-22 12:10 . 2011-04-22 12:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-22 11:56 . 2011-04-22 11:56 388096 ----a-r- c:\users\geertje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-22 11:56 . 2011-04-22 11:56 -------- d-----w- c:\program files\Trend Micro
2011-04-22 10:32 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC904EE1-B0AF-4D12-9B0B-3342D57F9B64}\mpengine.dll
2011-04-20 16:37 . 2011-04-20 16:37 -------- d-----w- c:\users\geertje\AppData\Local\ElevatedDiagnostics
2011-04-20 16:36 . 2011-04-20 16:36 -------- d-----w- c:\program files\Microsoft ATS
2011-04-20 10:52 . 2011-04-20 10:52 -------- d-----w- c:\users\geertje\AppData\Roaming\Unity
2011-04-19 19:21 . 2011-04-24 12:07 -------- d-----w- c:\users\geertje\AppData\Local\Unity
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-12 22:51 . 2011-04-12 22:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-12 22:51 . 2011-04-13 12:23 -------- d-----w- c:\program files\Real
2011-04-12 11:03 . 2011-04-12 11:03 -------- d-----w- c:\users\geertje\AppData\Roaming\ScanToPDF_4
2011-04-12 10:29 . 2011-04-12 10:29 -------- d-----w- c:\program files\O Imaging Corporation
2011-04-09 21:25 . 2011-04-10 20:04 -------- d-----w- c:\program files\Fiddler2
2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\users\geertje\AppData\Roaming\Printer's Apprentice
2011-04-05 19:22 . 2011-04-05 19:22 -------- d-----w- c:\programdata\Printer's Apprentice
2011-04-05 19:21 . 2011-04-05 19:21 -------- d-----w- c:\users\geertje\AppData\Local\Caphyon
2011-04-05 18:35 . 2011-04-05 18:36 -------- d-----w- c:\program files\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 22:51 . 2009-01-14 22:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-12 22:51 . 2009-01-14 22:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-05 18:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-19 10:49 . 2010-11-20 23:19 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-22 14:13 . 2011-03-23 09:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:29 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-12-23 12:48 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-08-28 11:57 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/06 14:52];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-08-28 11:57 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-10 09:47]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 10:41]
.
2011-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
IE: E&xporteren naar Microsoft Excel
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-27 01:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-04-27 01:08:27
ComboFix-quarantined-files.txt 2011-04-26 23:08
ComboFix2.txt 2011-04-26 22:46
ComboFix3.txt 2011-04-23 21:46
.
Pre-Run: 145.565.863.936 bytes beschikbaar
Post-Run: 145.532.203.008 bytes beschikbaar
.
- - End Of File - - 87C1364B7032CF02C981A66D01C039EA