sofianmaster

19 februari 2010

Nou ja, ik ga eens een HJT-Logje maken en misschien lost dat het wel op.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:09:00, on 19/02/2010

Platform: Windows Vista SP3 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Windows\ffpext\ffpsrv.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell / MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: LogMeIn Hamachi.lnk = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://www.fiaa.eu/OPLauncher.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12480 bytes

19 februari 2010

Werkt zonder enkel probleem

19 februari 2010

Al bedankt voor je reactie, maar als ik op de explorer.exe druk dan komt er ee nieuw scherm naar mijn documenten

18 februari 2010

Goeiendag allemaal

Ik heb al zo'n ongeveer 2 maanden een nieuwe pc. Het enige probleem hierbij is als ik configuratiescherm open staat er dan explorer.exe werkt niet meer. Kunnen jullie mij hierbij helpen?

(Deze error kwam ook al van toen ik de computer net kreeg)

7 januari 2010

Vroeger alleen bij sommige games(pes 2010, Crossfire). Nu altijd. Zelfs als ik een video bekijk op youtube komt er een BSOD. Maar ik wil iets anders vragen. Vandaag krijg ik een nieuwe pc en ik wil graag deze computer(met dell restore manager) terug krijgen naar de fabrieksinstellingen. Zou deze BSOD dan hersteld zijn of niet?

Dank u

5 januari 2010

Na een paar weken testen heb ik ondervonden dat de BSOD nog steeds voorkomt.

26 december 2009

Ik heb systeemherstel uitgevoerd tot 5 dagen geleden(heb toen veel drivers van Dell gedownload). De 2de BSOD is verdwenen, alleen de 1ste komt nog vaak voor

26 december 2009

neen, jammer genoeg nog steeds de BSOD. Ik heb het programma ook opnieuw geïnstalleerd maar zonder succes

25 december 2009

DirectX versie: 11 wat eigenlijk vreemd is. Ik had nl. DirectX 10

24 december 2009

Merk: Dell

Type: PP29L

Serie nr: 07146

Misschien heb je deze codes ook nodig:

ServiceTag: FR39M3J

Express Code: 342-898-091-83

P/N: HT588 A00

Alvast bedankt

24 december 2009

Ik heb een intel xD en het probleem is dat ik een laptop heb. M.a.w de videokaart is geïntegreerd op het moederbord.

24 december 2009

Bij apparaatbeheer zie ik niet wat ik zou moeten verwijderen. Ik heb hier nog een afbeelding. Misschien zie je wat ik moet verwijderen

24 december 2009

Mijn vriend speelt dit spel al heel lang zonder problemen. En zoals je me nu vertelt is het wel degelijk de videokaart. Het kan aan de update liggen. Weet je misschien hoe ik de update van de videokaart kan verwijderen?

24 december 2009

Ik begrijp niet helemaal hoe je die memtest moet runnen. Ook heb ik sinds vandaag een andere BSOD.

Microsoft ® Windows Debugger Version 6.11.0001.404 X86

Loading Dump File [C:\Windows\Minidump\Mini122409-02.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*DownstreamStore*Symbol information

Executable search path is:

Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 6002.18082.x86fre.vistasp2_gdr.090803-2339

Machine Name:

Kernel base = 0x8244e000 PsLoadedModuleList = 0x82565c70

Debug session time: Thu Dec 24 11:13:55.704 2009 (GMT+1)

System Uptime: 0 days 0:09:29.465

Loading Kernel Symbols

...............................................................

................................................................

Loading User Symbols

Loading unloaded module list

......

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {8a3e2c50, ff, 0, c4845167}

Unable to load image \??\C:\Windows\system32\XDva317.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for XDva317.sys

*** ERROR: Module load completed but symbols could not be loaded for XDva317.sys

Probably caused by : XDva317.sys ( XDva317+8167 )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 8a3e2c50, memory referenced

Arg2: 000000ff, IRQL

Arg3: 00000000, value 0 = read operation, 1 = write operation

Arg4: c4845167, address which referenced memory

Debugging Details:

------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from 82585868

Unable to read MiSystemVaType memory at 82565420

8a3e2c50

CURRENT_IRQL: 0

FAULTING_IP:

XDva317+8167

c4845167 ?? ???

ADDITIONAL_DEBUG_TEXT: The trap occurred when interrupts are disabled on the target.

BUGCHECK_STR: DISABLED_INTERRUPT_FAULT

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME: crossfire.exe

TRAP_FRAME: b5692620 -- (.trap 0xffffffffb5692620)

ErrCode = 00000000

eax=85801f50 ebx=c4848790 ecx=8a3e2c50 edx=8a3e2c50 esi=00000050 edi=b5692714

eip=c4845167 esp=b5692694 ebp=b56926d0 iopl=0 nv up di pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010046

XDva317+0x8167:

c4845167 ?? ???

Resetting default scope

LAST_CONTROL_TRANSFER: from c4845167 to 8249bfb9

STACK_TEXT:

b5692620 c4845167 badb0d00 8a3e2c50 00000060 nt!KiTrap0E+0x2e1

WARNING: Stack unwind information not available. Following frames may be wrong.

b5692690 b5692714 c484a00c 9625c000 b5692cf0 XDva317+0x8167

b56926d0 c4843ed1 82585b00 82585b40 c484a00c 0xb5692714

b56926f8 c484564d b5692738 b5692714 d8492e58 XDva317+0x6ed1

b56928e4 c483e075 d8492e58 000001a8 d8492e58 XDva317+0x864d

b5692bd0 c484011a d8076f68 c77e9358 00000001 XDva317+0x1075

b5692c0c 827306be d5846448 d8076f68 c77e9358 XDva317+0x311a

b5692c30 8249292d d8076fd8 d8076f68 d5846448 nt!IovCallDriver+0x23f

b5692c44 826946a1 c77e9358 d8076f68 d8076fd8 nt!IofCallDriver+0x1b

b5692c64 82694e46 d5846448 c77e9358 0012cb00 nt!IopSynchronousServiceTail+0x1d9

b5692d00 82695f10 d5846448 d8076f68 00000000 nt!IopXxxControlFile+0x6b7

b5692d34 82498c7a 000005a0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a

b5692d34 773d5e74 000005a0 00000000 00000000 nt!KiFastCallEntry+0x12a

0012cb7c 00000000 00000000 00000000 00000000 0x773d5e74

STACK_COMMAND: kb

FOLLOWUP_IP:

XDva317+8167

c4845167 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: XDva317+8167

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: XDva317

IMAGE_NAME: XDva317.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b18ac6d

FAILURE_BUCKET_ID: DISABLED_INTERRUPT_FAULT_VRF_XDva317+8167

BUCKET_ID: DISABLED_INTERRUPT_FAULT_VRF_XDva317+8167

Followup: MachineOwner

---------- Post toegevoegd om 11:26 ---------- Vorige post was om 11:25 ----------

Wat ik nog vergeten te melden ben is dat deze 2 BSOD's maar in één spel voorkomen nl. Crossfire

23 december 2009

Ik heb een Intel GM965 Express Chipset Family. En de videokaart is up-to-date.

22 december 2009

Goeiedag allemaal,

Ik heb regelmatig last van BSOD's en dankzij Dell's hulp heb ik iets met Windows Debugger kunnen maken. Na het probleem gezien te hebben(dxgkrnl) zat ik opeens vast. Wat zou ik nu moeten doen?

Hier is nog het dump filetje.

Loading Dump File [C:\Windows\Minidump\Mini122209-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*DownstreamStore*Symbol information

Executable search path is:

Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 6002.18082.x86fre.vistasp2_gdr.090803-2339

Machine Name:

Kernel base = 0x82444000 PsLoadedModuleList = 0x8255bc70

Debug session time: Tue Dec 22 19:14:16.658 2009 (GMT+1)

System Uptime: 0 days 9:59:19.617

Loading Kernel Symbols

...............................................................

................................................................

.

Loading User Symbols

Loading unloaded module list

......

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {4, 2, 1, 8e66f8ce}

Unable to load image \SystemRoot\System32\drivers\dxgkrnl.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for dxgkrnl.sys

*** ERROR: Module load completed but symbols could not be loaded for dxgkrnl.sys

Probably caused by : dxgkrnl.sys ( dxgkrnl+198ce )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000004, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: 8e66f8ce, address which referenced memory

Debugging Details:

------------------

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 8257b868

Unable to read MiSystemVaType memory at 8255b420

00000004

CURRENT_IRQL: 2

FAULTING_IP:

dxgkrnl+198ce

8e66f8ce ?? ???

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: dwm.exe

TRAP_FRAME: 9766a6ec -- (.trap 0xffffffff9766a6ec)

ErrCode = 00000002

eax=00000000 ebx=919c18b8 ecx=b3121850 edx=8553f334 esi=00000000 edi=84d42008

eip=8e66f8ce esp=9766a760 ebp=9766a770 iopl=0 nv up ei ng nz na pe cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287

dxgkrnl+0x198ce:

8e66f8ce ?? ???

Resetting default scope

LAST_CONTROL_TRANSFER: from 8e66f8ce to 82491fb9

STACK_TEXT:

9766a6ec 8e66f8ce badb0d00 8553f334 919c1800 nt!KiTrap0E+0x2e1

WARNING: Stack unwind information not available. Following frames may be wrong.

9766a75c b31216d0 00000000 919c1c66 919c1b00 dxgkrnl+0x198ce

9766a770 8e6e8a9f 919c1c64 b3121850 b3121858 0xb31216d0

9766a7f0 8e6e629a 919c1c64 00000001 c4725210 dxgkrnl+0x92a9f

9766a818 8e699059 b31216d0 9766aa30 c4725210 dxgkrnl+0x9029a

9766a9b0 8e69b088 00000000 c000ff40 00000000 dxgkrnl+0x43059

9766aba4 8e69bbf9 ac06ec58 00000000 1901efcb dxgkrnl+0x45088

9766ad58 8248ec7a 004d0027 01b3f5d0 775e5e74 dxgkrnl+0x45bf9

9766ad58 775e5e74 004d0027 01b3f5d0 775e5e74 nt!KiFastCallEntry+0x12a

01b3f5d0 00000000 00000000 00000000 00000000 0x775e5e74

STACK_COMMAND: kb

FOLLOWUP_IP:

dxgkrnl+198ce

8e66f8ce ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: dxgkrnl+198ce

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dxgkrnl

IMAGE_NAME: dxgkrnl.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4abc1c72

FAILURE_BUCKET_ID: 0xD1_dxgkrnl+198ce

BUCKET_ID: 0xD1_dxgkrnl+198ce

Followup: MachineOwner

---------

29 november 2009

Dit is het logje

Results of screen317's Security Check version 0.99.1

Windows Vista Service Pack 2 (UAC is enabled)

``````````````````````````````

Antivirus/Firewall Check:

avast! Antivirus

Antivirus up to date! (On Access scanning disabled!)

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

HijackThis 2.0.2

CCleaner

Eusing Free Registry Cleaner

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 9.2

Adobe Reader 9.2 - Nederlands

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

``````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

29 november 2009

Combofix

ComboFix 09-11-28.04 - Sofian 29/11/2009 14:39.10.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2037.899 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sofian\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1351 [VPS 091121-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

SP: avast! antivirus 4.8.1351 [VPS 091121-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\SDE9B2FEC(285).tmp"

"c:\windows\SDE9B2FEC(559).tmp"

"c:\windows\SDE9B2FEC.tmp"

"c:\windows\svcadmin.exe"

"c:\windows\System32\658BC72326.sys"

"c:\windows\system32\GameMon.des"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\LOG.TXT

c:\windows\SDE9B2FEC(285).tmp

c:\windows\SDE9B2FEC(559).tmp

c:\windows\SDE9B2FEC.tmp

c:\windows\svcadmin.exe

c:\windows\System32\658BC72326.sys

c:\windows\system32\GameMon.des

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npggsvc

-------\Service_Anyplace Control Security

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-28 to 2009-11-29 ))))))))))))))))))))))))))))))

.

2009-11-29 14:01 . 2009-11-29 14:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-11-29 14:01 . 2009-11-29 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-11-28 16:52 . 2009-11-29 14:08 4096 d-----w- c:\users\Sofian\AppData\Local\temp

2009-11-28 12:49 . 2009-11-26 16:41 52224 ----a-w- c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2009-11-28 12:49 . 2009-11-26 16:41 114688 ----a-w- c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\npmozax.dll

2009-11-27 19:21 . 2009-11-27 19:21 -------- d-----w- c:\users\Sofian\AppData\Roaming\Paquet Builder

2009-11-27 19:21 . 2009-11-27 19:21 4096 d-----w- c:\program files\Paquet Builder

2009-11-27 19:15 . 2009-11-27 19:15 4096 d-----w- c:\program files\7-Zip

2009-11-26 20:56 . 2009-11-26 20:56 4096 d-----w- c:\program files\gBurner

2009-11-25 17:51 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 17:50 . 2009-11-25 17:50 -------- d-----w- c:\program files\MSXML 4.0

2009-11-25 12:31 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 12:31 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 18:42 . 2009-11-24 18:42 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll

2009-11-24 18:42 . 2009-11-24 18:42 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll

2009-11-24 18:42 . 2009-11-24 18:42 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll

2009-11-24 18:42 . 2009-11-24 18:42 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll

2009-11-23 17:45 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2009-11-23 17:45 . 2009-11-23 17:46 4096 d-----w- c:\program files\PDFCreator

2009-11-23 17:45 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2009-11-23 15:13 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-22 20:40 . 2009-11-22 20:40 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-22 20:35 . 2009-11-22 20:35 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests

2009-11-22 19:49 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2009-11-22 19:49 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-11-22 19:49 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-11-22 19:47 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-22 19:47 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-22 19:47 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-22 19:19 . 2009-11-22 19:20 -------- d-----w- c:\windows\system32\ca-ES

2009-11-22 19:19 . 2009-11-22 19:20 -------- d-----w- c:\windows\system32\eu-ES

2009-11-22 19:19 . 2009-11-22 19:20 -------- d-----w- c:\windows\system32\vi-VN

2009-11-22 17:54 . 2009-11-22 17:54 -------- d-----w- c:\windows\system32\EventProviders

2009-11-22 12:56 . 2009-04-11 06:28 289792 ----a-w- c:\windows\system32\spinstall.exe

2009-11-22 12:55 . 2009-04-11 06:28 1143296 ----a-w- c:\windows\system32\wercon.exe

2009-11-22 12:54 . 2009-04-11 06:28 177664 ----a-w- c:\windows\system32\WSDMon.dll

2009-11-22 12:53 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2009-11-22 12:53 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2009-11-22 12:52 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2009-11-22 11:26 . 2009-11-22 21:30 20480 d-----w- c:\program files\Eusing Free Registry Cleaner

2009-11-21 19:05 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2009-11-21 18:25 . 2009-11-21 18:25 -------- dc----w- C:\PerfLogs

2009-11-21 17:36 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll

2009-11-21 17:36 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe

2009-11-21 17:35 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll

2009-11-21 17:25 . 2008-01-18 22:42 94776 ----a-w- c:\windows\system32\MigAutoPlay.exe

2009-11-21 17:24 . 2008-01-18 22:38 155704 ----a-w- c:\windows\system32\dssenh.dll

2009-11-21 17:23 . 2008-01-18 22:33 96768 ----a-w- c:\windows\system32\wininit.exe

2009-11-21 16:59 . 2009-11-21 16:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2009-11-21 15:05 . 2009-11-21 15:05 61440 ----a-w- c:\windows\system32\winipsec.dll

2009-11-21 15:05 . 2009-11-21 15:05 272896 ----a-w- c:\windows\system32\polstore.dll

2009-11-21 15:01 . 2009-11-21 15:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-11-21 15:01 . 2009-11-21 15:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-11-21 15:01 . 2009-11-21 15:01 17920 ----a-w- c:\windows\system32\netevent.dll

2009-11-21 15:01 . 2009-11-21 15:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-11-21 15:01 . 2009-11-21 15:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-11-21 15:01 . 2009-11-21 15:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-11-21 15:01 . 2009-11-21 15:01 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-11-21 15:01 . 2009-11-21 15:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-11-21 15:01 . 2009-11-21 15:01 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-11-21 15:01 . 2009-11-21 15:01 10240 ----a-w- c:\windows\system32\finger.exe

2009-11-21 15:01 . 2009-11-21 15:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-11-21 14:58 . 2009-11-21 14:58 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-11-21 14:58 . 2009-11-21 14:58 68096 ----a-w- c:\windows\system32\wlanhlp.dll

2009-11-21 14:58 . 2009-11-21 14:58 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-11-21 14:58 . 2009-11-21 14:58 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-11-21 14:58 . 2009-11-21 14:58 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-11-21 14:58 . 2009-11-21 14:58 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-11-21 14:54 . 2009-11-21 14:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-11-21 14:54 . 2009-11-21 14:54 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-11-21 14:54 . 2009-11-21 14:54 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-11-21 14:54 . 2009-11-21 14:54 23552 ----a-w- c:\windows\system32\lpk.dll

2009-11-21 14:54 . 2009-11-21 14:54 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-11-21 14:54 . 2009-11-21 14:54 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-11-21 14:52 . 2009-11-21 14:52 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-11-21 14:51 . 2009-11-21 14:51 9728 ----a-w- c:\windows\system32\infoctrs.dll

2009-11-21 14:51 . 2009-11-21 14:51 16384 ----a-w- c:\windows\system32\infoadmn.dll

2009-11-21 14:45 . 2009-11-21 14:45 98816 ----a-w- c:\windows\system32\mfps.dll

2009-11-21 14:45 . 2009-11-21 14:45 53248 ----a-w- c:\windows\system32\rrinstaller.exe

2009-11-21 14:45 . 2009-11-21 14:45 2868224 ----a-w- c:\windows\system32\mf.dll

2009-11-21 14:45 . 2009-11-21 14:45 24576 ----a-w- c:\windows\system32\mfpmp.exe

2009-11-21 14:45 . 2009-11-21 14:45 2048 ----a-w- c:\windows\system32\mferror.dll

2009-11-21 14:38 . 2009-11-21 14:38 71680 ----a-w- c:\windows\system32\atl.dll

2009-11-21 14:34 . 2009-11-21 14:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-11-21 14:34 . 2009-11-21 14:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-11-21 14:33 . 2009-11-21 14:33 36864 ----a-w- c:\windows\system32\mqise.dll

2009-11-21 14:33 . 2009-11-21 14:33 126464 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-11-21 14:32 . 2009-11-21 14:32 917504 ----a-w- c:\windows\system32\mqqm.dll

2009-11-21 14:32 . 2009-11-21 14:32 89600 ----a-w- c:\windows\system32\mqlogmgr.dll

2009-11-21 14:32 . 2009-11-21 14:32 8704 ----a-w- c:\windows\system32\mqsvc.exe

2009-11-21 14:32 . 2009-11-21 14:32 37888 ----a-w- c:\windows\system32\mqbkup.exe

2009-11-21 14:32 . 2009-11-21 14:32 154112 ----a-w- c:\windows\system32\mqtrig.dll

2009-11-21 14:32 . 2009-11-21 14:32 125440 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-11-21 14:29 . 2009-11-21 14:29 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-11-21 14:28 . 2009-11-21 14:28 53248 ----a-w- c:\windows\system32\tsgqec.dll

2009-11-21 14:28 . 2009-11-21 14:28 136192 ----a-w- c:\windows\system32\aaclient.dll

2009-11-21 14:28 . 2009-11-21 14:28 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-11-21 14:27 . 2009-11-21 14:27 2048 ----a-w- c:\windows\system32\msxml3r.dll

2009-11-21 14:15 . 2009-11-21 14:15 623616 ----a-w- c:\windows\system32\localspl.dll

2009-11-21 14:14 . 2009-11-21 14:14 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-11-21 14:14 . 2009-11-21 14:14 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-11-21 14:14 . 2009-11-21 14:14 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-11-21 14:14 . 2009-11-21 14:14 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-11-21 14:14 . 2009-11-21 14:14 31232 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-21 14:14 . 2009-11-21 14:14 12800 ----a-w- c:\windows\system32\msrle32.dll

2009-11-21 14:09 . 2009-11-21 14:09 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-11-21 14:09 . 2009-11-21 14:09 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-11-21 14:09 . 2009-11-21 14:09 9728 ----a-w- c:\windows\system32\lsass.exe

2009-11-21 14:09 . 2009-11-21 14:09 72704 ----a-w- c:\windows\system32\secur32.dll

2009-11-21 14:09 . 2009-11-21 14:09 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-11-21 14:09 . 2009-11-21 14:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2009-11-21 14:09 . 2009-11-21 14:09 270848 ----a-w- c:\windows\system32\schannel.dll

2009-11-21 14:05 . 2009-11-21 14:05 9847296 ----a-w- c:\windows\system32\NlsData000a.dll

2009-11-21 14:05 . 2009-11-21 14:05 2643456 ----a-w- c:\windows\system32\NlsData000c.dll

2009-11-21 14:05 . 2009-11-21 14:05 2342912 ----a-w- c:\windows\system32\NlsData000d.dll

2009-11-21 14:05 . 2009-11-21 14:05 1965056 ----a-w- c:\windows\system32\NlsData000f.dll

2009-11-21 14:05 . 2009-11-21 14:05 4495360 ----a-w- c:\windows\system32\NlsData0416.dll

2009-11-21 14:05 . 2009-11-21 14:05 4495360 ----a-w- c:\windows\system32\NlsData0414.dll

2009-11-21 14:05 . 2009-11-21 14:05 4495360 ----a-w- c:\windows\system32\NlsData0816.dll

2009-11-21 14:05 . 2009-11-21 14:05 1965056 ----a-w- c:\windows\system32\NlsData081a.dll

2009-11-21 14:05 . 2009-11-21 14:05 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll

2009-11-21 14:05 . 2009-11-21 14:05 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll

2009-11-21 14:03 . 2009-11-21 14:03 6656 ----a-w- c:\windows\system32\kbd106n.dll

2009-11-21 13:59 . 2009-11-21 13:59 88576 ----a-w- c:\windows\system32\tlntsess.exe

2009-11-21 13:59 . 2009-11-21 13:59 206848 ----a-w- c:\windows\system32\telnet.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-29 14:02 . 2008-11-30 00:16 8011 ----a-w- c:\windows\bthservsdp.dat

2009-11-28 21:13 . 2008-05-22 20:34 118784 d-----w- c:\users\Sofian\AppData\Roaming\uTorrent

2009-11-27 17:54 . 2009-09-12 16:16 4096 d-----w- c:\users\Sofian\AppData\Roaming\Skype

2009-11-27 17:03 . 2009-02-06 20:48 -------- d-----w- c:\users\Sofian\AppData\Roaming\skypePM

2009-11-25 15:56 . 2006-11-02 16:11 755280 ----a-w- c:\windows\system32\perfh013.dat

2009-11-25 15:56 . 2006-11-02 16:11 162068 ----a-w- c:\windows\system32\perfc013.dat

2009-11-24 18:42 . 2008-12-10 11:32 8192 d-----w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab

2009-11-22 20:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-22 20:40 . 2009-11-22 20:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-22 19:40 . 2009-11-22 19:40 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-11-22 19:20 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar

2009-11-22 19:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-11-22 19:20 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-22 19:20 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery

2009-11-22 19:20 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal

2009-11-22 19:20 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration

2009-11-22 19:20 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender

2009-11-21 19:33 . 2009-01-17 23:25 16384 d-----w- c:\program files\Paint.NET

2009-11-21 19:00 . 2009-02-11 12:20 4096 d-----w- c:\users\Sofian\AppData\Roaming\FileZilla

2009-11-21 18:12 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2009-11-21 18:12 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2009-11-21 17:13 . 2008-11-30 08:40 124064 ----a-w- c:\users\Sofian\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-21 16:59 . 2009-01-23 23:01 24576 d-----w- c:\programdata\Microsoft Help

2009-11-21 14:49 . 2008-04-15 23:40 24576 d-----w- c:\program files\Microsoft Works

2009-11-14 11:47 . 2008-12-14 17:59 -------- d-----w- c:\users\Sofian\AppData\Roaming\Yahoo!

2009-11-13 18:35 . 2008-12-09 21:35 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-11 17:36 . 2008-05-04 09:42 4096 d-----w- c:\users\Sofian\AppData\Roaming\VoipBuster

2009-11-11 14:48 . 2008-04-19 19:38 4096 d-----w- c:\program files\dvdSanta

2009-11-07 17:17 . 2009-03-18 19:12 4096 d-----w- c:\users\Sofian\AppData\Roaming\MessengerDiscovery 2

2009-11-07 17:17 . 2008-06-11 10:58 4096 d-----w- c:\program files\MessengerDiscovery 2

2009-11-07 15:57 . 2008-06-11 11:26 4096 d-----w- c:\program files\Messenger Plus! Live

2009-11-07 15:42 . 2008-04-23 18:53 -------- d-----w- c:\program files\Windows Live

2009-11-06 21:46 . 2009-05-15 18:31 4096 d-----w- c:\program files\Recuva

2009-11-06 21:46 . 2008-07-09 22:13 4096 d-----w- c:\program files\DAEMON Tools Lite

2009-11-06 19:20 . 2008-04-15 23:17 12288 d--h--w- c:\program files\InstallShield Installation Information

2009-11-02 08:48 . 2009-08-21 07:48 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe

2009-11-02 08:48 . 2009-08-21 07:48 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll

2009-11-02 08:48 . 2009-08-21 07:48 168800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll

2009-11-02 08:48 . 2009-08-21 07:48 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe

2009-11-02 08:48 . 2009-08-21 07:48 349008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll

2009-11-02 08:48 . 2009-08-21 07:48 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll

2009-11-02 08:48 . 2009-08-21 07:48 84320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll

2009-11-02 08:48 . 2009-08-21 07:48 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll

2009-11-02 08:48 . 2009-08-21 07:48 246640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll

2009-11-02 08:48 . 2009-08-21 07:48 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll

2009-11-02 08:48 . 2009-08-21 07:48 664936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll

2009-11-02 08:47 . 2009-08-21 07:48 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2009-11-02 08:47 . 2009-08-21 07:48 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2009-11-02 08:47 . 2009-08-21 07:48 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2009-11-02 08:47 . 2009-08-21 07:48 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe

2009-11-02 08:47 . 2009-08-21 07:48 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe

2009-11-02 08:47 . 2009-08-21 07:48 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe

2009-11-02 08:46 . 2008-06-24 14:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-02 08:44 . 2009-02-25 16:35 -------- d-----w- c:\programdata\DAEMON Tools Lite

2009-11-01 09:37 . 2009-07-04 17:11 4096 d-----w- c:\program files\Unlocker

2009-10-30 16:07 . 2009-05-24 12:54 4096 d-----w- c:\programdata\TrackMania

2009-10-28 22:17 . 2008-12-27 19:07 1 ----a-w- c:\users\Sofian\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-10-24 17:43 . 2008-04-15 23:36 4096 d-----w- c:\program files\Common Files\Adobe

2009-10-24 13:58 . 2009-10-24 12:26 -------- d-----w- c:\program files\Assassin's Creed

2009-10-24 13:47 . 2009-10-24 13:47 -------- d-----w- c:\users\Sofian\AppData\Roaming\Ubisoft

2009-10-24 13:47 . 2008-11-30 17:10 4096 d-----w- c:\programdata\Ubisoft

2009-10-21 10:43 . 2009-09-28 14:27 -------- d-----w- c:\program files\KONAMI

2009-10-21 09:17 . 2009-10-21 09:17 -------- d-----w- c:\programdata\KONAMI

2009-10-20 17:29 . 2009-05-30 09:59 -------- d-----w- c:\program files\Hamachi

2009-10-20 17:21 . 2008-06-18 14:05 4096 d-----w- c:\users\Sofian\AppData\Roaming\Hamachi

2009-10-20 16:26 . 2008-10-28 20:10 8192 d-----w- c:\program files\PES 2009

2009-10-18 13:08 . 2008-11-22 17:43 4096 d-----w- c:\program files\SystemRequirementsLab

2009-10-18 13:07 . 2009-10-18 13:07 138240 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-10-18 13:07 . 2009-10-18 13:07 138240 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-10-18 13:07 . 2009-10-18 13:07 138240 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-10-18 13:07 . 2009-10-18 13:07 138240 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-10-11 11:50 . 2009-10-11 11:50 -------- d-----w- c:\program files\Loquendo

2009-10-10 11:22 . 2009-10-10 11:20 -------- d-----w- c:\users\Sofian\AppData\Roaming\ISP Monitor

2009-10-10 11:20 . 2009-10-10 11:20 4096 d-----w- c:\program files\ISP Monitor

2009-10-10 11:20 . 2009-10-10 11:20 737280 ----a-w- c:\windows\iun6002.exe

2009-10-06 19:56 . 2008-04-15 23:36 4096 d-----w- c:\program files\Google

2009-10-05 14:32 . 2009-10-05 14:30 -------- d-----w- c:\programdata\DriverScanner

2009-10-05 14:30 . 2009-10-05 14:29 4096 dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2009-10-05 14:30 . 2008-11-29 09:39 -------- d-----w- c:\program files\Uniblue

2009-10-05 14:30 . 2008-10-25 07:43 -------- d-----w- c:\users\Sofian\AppData\Roaming\Uniblue

2009-10-04 20:25 . 2008-04-30 13:05 8192 d-----w- c:\users\Sofian\AppData\Roaming\LimeWire

2009-10-04 18:07 . 2009-10-04 18:07 4096 d-----w- c:\program files\Auto Clicker

2009-10-03 21:19 . 2009-10-03 21:11 -------- d-----w- c:\program files\Foxit Software

2009-10-03 11:19 . 2009-03-27 18:44 4096 d-----w- c:\program files\LimeWire

2009-10-01 01:02 . 2009-11-22 19:48 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02 . 2009-11-22 19:48 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02 . 2009-11-22 19:48 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02 . 2009-11-22 19:48 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02 . 2009-11-22 19:48 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01 . 2009-11-22 19:48 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01 . 2009-11-22 19:48 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01 . 2009-11-22 19:48 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01 . 2009-11-22 19:48 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01 . 2009-11-22 19:48 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01 . 2009-11-22 19:48 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01 . 2009-11-22 19:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-09-25 18:37 . 2009-09-25 18:37 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_6_0_d_ind.dll

2009-09-25 18:37 . 2009-09-25 18:37 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_6_0_c_ind.dll

2009-09-25 18:37 . 2009-09-25 18:37 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_6_0_b_ind.dll

2009-09-25 18:37 . 2009-09-25 18:37 247296 ----a-w- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_6_0_a_ind.dll

2008-04-15 23:28 . 2008-04-15 23:28 76 --sha-w- c:\windows\CT4CET.bin

2008-04-19 11:13 . 2008-04-19 11:13 76 --sha-w- c:\windows\CT5PRET.BIN

2008-12-11 21:38 . 2008-12-11 11:43 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2008-12-11 21:38 . 2008-12-11 11:43 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2009-01-20 20:04 . 2008-11-28 16:46 3036 --sha-w- c:\windows\System32\KGyGaAvL.sys

2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2009-11-12 9094448]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]

"Google Update"="c:\users\Sofian\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-21 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe dvcStatusMinimize" [X]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2007-02-24 132680]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-11 101136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-16 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:7e,c7,31,9a,a9,6b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-991331777-2378318461-4560006-1000]

"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/08/2009 8:49 64160]

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5/07/2006 13:46 63352]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/03/2009 9:53 114768]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [16/04/2008 0:08 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/03/2009 9:53 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/03/2009 9:52 53328]

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CamthWDM.sys [30/11/2008 0:59 941784]

R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [28/06/2007 14:05 131072]

R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [5/09/2009 15:53 48896]

R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [22/06/2009 18:56 233472]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]

R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [22/08/2007 23:55 36864]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1028432]

R2 litsgt;litsgt;c:\windows\System32\drivers\litsgt.sys [14/02/2009 17:48 137344]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 10:18 202016]

R2 tansgt;tansgt;c:\windows\System32\drivers\tansgt.sys [14/02/2009 17:48 12032]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [22/06/2009 18:56 36608]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [30/11/2008 0:59 111616]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [15/04/2009 13:13 84832]

S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [30/11/2008 0:59 17536]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/11/2009 18:23 21504]

S3 WMSvc;Web Management-service;c:\windows\System32\inetsrv\WMSvc.exe [2/11/2006 13:36 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

bthsvcs REG_MULTI_SZ BthServ

getPlusHelper REG_MULTI_SZ getPlusHelper

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:47]

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-991331777-2378318461-4560006-1000Core.job

- c:\users\Sofian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 11:41]

2009-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-991331777-2378318461-4560006-1000UA.job

- c:\users\Sofian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 11:41]

2009-11-29 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2008-12-12 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2009-11-29 c:\windows\Tasks\User_Feed_Synchronization-{D130A10C-2448-4567-A8B2-044877608ACE}.job

- c:\windows\system32\msfeedssync.exe [2009-11-21 03:41]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.games-fusion.net/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://www.fiaa.eu/OPLauncher.cab

FF - ProfilePath - c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL -

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - component: c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - plugin: c:\progra~1\SONYON~1\npsoe.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll

FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\users\Sofian\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

FF - user.js: nglayout.initialpaint.delay - 100

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.interval - 100000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 4

FF - user.js: network.http.max-persistent-connections-per-server - 2

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-11-29 15:08

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\TEMP\TMP000000550DE33B0EDFD09582 524288 bytes executable

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spwi.sys hal.dll >>UNKNOWN [0x853E7938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x887d1d24

\Driver\ACPI -> acpi.sys @ 0x87fc1d68

\Driver\atapi -> 0x854311f8

\Driver\iaStor -> iastor.sys @ 0x880ce6d0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5484)

c:\windows\system32\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\windows\system32\WLANExt.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\CISVC.EXE

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PSIService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\ehome\ehmsas.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

.

**************************************************************************

.

Voltooingstijd: 2009-11-29 15:23 - machine werd herstart

ComboFix-quarantined-files.txt 2009-11-29 14:23

ComboFix2.txt 2009-11-28 17:16

Pre-Run: 6.983.782.400 bytes beschikbaar

Post-Run: 6.133.956.608 bytes beschikbaar

- - End Of File - - 0880057D05E679314D3B07482D11E6AC

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:27:19, on 29/11/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Folder Guard Pro\FGKey.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\Explorer.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Games Fusion - PC Cheats, Saved Games, Trailers, Demos and Patches

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sofian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O15 - Trusted IP range: http://192.168.0.1

O15 - ESC Trusted IP range: http://192.168.0.1

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258806103935

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258907798795

O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://www.fiaa.eu/OPLauncher.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12709 bytes

Ik denk dat het heeft geholpen, mijn computer is nu trug even snel als vroeger

28 november 2009

ComboFix 09-11-27.07 - Sofian 28/11/2009 17:29.9.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2037.1026 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091121-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

SP: avast! antivirus 4.8.1351 [VPS 091121-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-2815755638-1480285660-2120787009-500

c:\$recycle.bin\S-1-5-21-991331777-2378318461-4560006-500

C:\LOG.TXT

c:\users\Sofian\AppData\Roaming\.#

c:\users\Sofian\AppData\Roaming\Desktopicon

c:\users\Sofian\AppData\Roaming\Desktopicon\eBay.ico

c:\users\Sofian\AppData\Roaming\Desktopicon\eBayShortcuts.exe

c:\users\Sofian\AppData\Roaming\Desktopicon\uninst.exe

c:\users\Sofian\AppData\Roaming\inst.exe

c:\windows\slog.dll

c:\windows\system32\gatherWirelessInfo.vbs

c:\windows\system32\NTSVc.ocx

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Boonty Games

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-28 to 2009-11-28 ))))))))))))))))))))))))))))))

.

2009-11-28 16:52 . 2009-11-28 16:59 4096 d-----w- c:\users\Sofian\AppData\Local\temp

2009-11-28 16:52 . 2009-11-28 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp