PC slow + virus scanner off?

vlindermeisje 12 February 2012, 09:13

For about a week I have been having problems with my Windows 7 laptop. Not continuously, but very regularly, it is extremely slow. At those moments either 100% CPU is in use or close to 100% physical memory. At the same time I occasionally get a notification from Windows that Avast reports that Avast is turned off, while at that moment it is not turned off, and occasionally also that Windows Defender is turned off.
I have tried various things, but I cannot find the cause:
1) Ran a full scan with Avast; no malware
2) Ran a full scan with MBAM; no malware, see the scan results below
3) Reinstalled Avast (because of the notification)
4) Ran an online scan (ESET); no malware
I don't believe I have done anything unusual, but I am afraid, mainly because of the notification about my virus scanner, that I may have malware after all. I have not been able to discover what differs between the moments when the laptop is slow and when it is not. Enabling and disabling the network connection seems to make little to no difference.
Can someone look at my HijackThis log, or give another tip with which I can investigate further what is going on?
MBAM
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.07.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
naam:: naam-LAPTOP [administrator]
7-2-2012 6:51:01
mbam-log-2012-02-07 (06-51-01).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462637
Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:20, on 12-2-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12272 bytes


Abraham54 12 February 2012, 14:00

Hello vlindermeisje, then we will have to take a deeper look into your Windows.
I would like you to keep to the rules below during the fix:
- Always read each instruction through carefully first.
- The instructions given apply only to your Windows.
- If you make mistakes when running tools during the fix, this may cause serious problems in Windows.
- Do not install new programs, updates or new hardware while we are working on the fix.
- Also do not use any programs or tools other than those I instruct you to use.
- Please turn off emoticons (smileys) when you post a log.
- Always use one scanner at a time, never several at once.
- Keep me informed of how your computer responds to the fix, good or bad.
- Also, if you do not understand something, say so.
- Once started, the fix must be completed. Even if you think everything is fine, there may still be infections.
Step •1•
Which program: TDSSStarter.exe
What for/why: Rootkit scanner
Difficulty: none
Download TDSSStarter to the desktop.
Temporary download link: TDSSStarter
Using "TDSSStarter.exe":
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
  - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
- A CMD window will then be started, and it will close again automatically when the scan is finished.
- Now post the contents of the Notepad file that has opened in your next message.
Step •2•
Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must absolutely be downloaded to the desktop!
Download ComboFix from one of these locations:
- Bleepingcomputer
- ForoSpyware
- Geekstogo
Here you can see how to use ComboFix.
Antivirus program and active malware scanners must already be deactivated before ComboFix starts!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
For the sake of clarity, once more: ComboFix must be started from the desktop.
Notes:
- When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
Starting ComboFix:
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
ComboFix has started:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may need to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found at C:\ComboFix.txt
Important note:
- If, after the scan, an error with the following message is shown when starting programs:
- Illegal operation attempted on a registry key that has been marked for deletion.
- Then restart the computer.
Step •3•
In summary: after this, post the contents of the following logs in your next message:
- TDSSKStarter log
- ComboFix.txt log

vlindermeisje 12 February 2012, 15:34

Hi Abraham54, thanks for your reply and your help.
I have carried out the steps:
Step 1
14:31:14.0637 2560 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
14:31:14.0637 2560 ============================================================
14:31:14.0637 2560 Current date / time: 2012/02/12 14:31:14.0637
14:31:14.0637 2560 SystemInfo:
14:31:14.0637 2560
14:31:14.0637 2560 OS Version: 6.1.7601 ServicePack: 1.0
14:31:14.0637 2560 Product type: Workstation
14:31:14.0637 2560 ComputerName: vlindermeisje-LAPTOP
14:31:14.0652 2560 UserName: vlindermeisje
14:31:14.0652 2560 Windows directory: C:\Windows
14:31:14.0652 2560 System windows directory: C:\Windows
14:31:14.0652 2560 Running under WOW64
14:31:14.0652 2560 Processor architecture: Intel x64
14:31:14.0652 2560 Number of processors: 4
14:31:14.0652 2560 Page size: 0x1000
14:31:14.0652 2560 Boot type: Normal boot
14:31:14.0652 2560 ============================================================
14:31:17.0133 2560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:17.0164 2560 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:31:17.0179 2560 \Device\Harddisk0\DR0:
14:31:17.0179 2560 MBR used
14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
14:31:17.0179 2560 \Device\Harddisk1\DR1:
14:31:17.0179 2560 MBR used
14:31:17.0179 2560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
14:31:17.0601 2560 Initialize success
14:31:17.0601 2560 ============================================================
14:31:17.0647 4960 ============================================================
14:31:17.0647 4960 Scan started
14:31:17.0647 4960 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
14:31:17.0647 4960 ============================================================
14:32:22.0372 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:32:22.0388 4960 iirsp - ok
14:32:22.0622 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:32:22.0637 4960 intelide - ok
14:32:22.0949 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:32:23.0090 4960 intelppm - ok
14:32:23.0464 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:32:23.0542 4960 IpFilterDriver - ok
14:32:23.0854 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:32:23.0994 4960 IPMIDRV - ok
14:32:24.0322 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:32:24.0587 4960 IPNAT - ok
14:32:25.0008 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:32:25.0149 4960 IRENUM - ok
14:32:25.0773 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:32:25.0788 4960 isapnp - ok
14:32:26.0225 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:32:26.0288 4960 iScsiPrt - ok
14:32:26.0631 4960 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
14:32:26.0662 4960 JMCR - ok
14:32:27.0255 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:32:27.0286 4960 kbdclass - ok
14:32:27.0770 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:32:27.0832 4960 kbdhid - ok
14:32:28.0253 4960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:32:28.0284 4960 KSecDD - ok
14:32:28.0643 4960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:32:28.0706 4960 KSecPkg - ok
14:32:29.0283 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:32:29.0439 4960 ksthunk - ok
14:32:29.0766 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:32:29.0907 4960 lltdio - ok
14:32:30.0546 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:32:30.0578 4960 LSI_FC - ok
14:32:31.0092 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:32:31.0124 4960 LSI_SAS - ok
14:32:31.0451 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:32:31.0467 4960 LSI_SAS2 - ok
14:32:31.0950 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:32:31.0966 4960 LSI_SCSI - ok
14:32:32.0387 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:32:32.0543 4960 luafv - ok
14:32:33.0120 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:32:33.0152 4960 megasas - ok
14:32:33.0651 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:32:33.0666 4960 MegaSR - ok
14:32:34.0197 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:32:34.0353 4960 Modem - ok
14:32:34.0727 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:32:34.0868 4960 monitor - ok
14:32:35.0304 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:32:35.0320 4960 mouclass - ok
14:32:36.0100 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:32:36.0240 4960 mouhid - ok
14:32:36.0771 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:32:36.0786 4960 mountmgr - ok
14:32:37.0114 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:32:37.0145 4960 mpio - ok
14:32:37.0691 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:32:37.0785 4960 mpsdrv - ok
14:32:38.0300 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:32:38.0409 4960 MRxDAV - ok
14:32:38.0892 4960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:32:38.0986 4960 mrxsmb - ok
14:32:39.0423 4960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:32:39.0797 4960 mrxsmb10 - ok
14:32:40.0593 4960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:32:40.0733 4960 mrxsmb20 - ok
14:32:41.0279 4960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:32:41.0295 4960 msahci - ok
14:32:41.0778 4960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:32:41.0810 4960 msdsm - ok
14:32:42.0324 4960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:32:42.0465 4960 Msfs - ok
14:32:43.0151 4960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:32:43.0448 4960 mshidkmdf - ok
14:32:43.0713 4960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:32:43.0728 4960 msisadrv - ok
14:32:44.0118 4960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:32:44.0196 4960 MSKSSRV - ok
14:32:44.0742 4960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:32:44.0805 4960 MSPCLOCK - ok
14:32:45.0320 4960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:32:45.0507 4960 MSPQM - ok
14:32:46.0037 4960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:32:46.0053 4960 MsRPC - ok
14:32:46.0396 4960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:32:46.0412 4960 mssmbios - ok
14:32:46.0677 4960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:32:46.0724 4960 MSTEE - ok
14:32:47.0067 4960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:32:47.0223 4960 MTConfig - ok
14:32:47.0738 4960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:32:47.0753 4960 Mup - ok
14:32:48.0393 4960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:32:48.0502 4960 NativeWifiP - ok
14:32:49.0095 4960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:32:49.0266 4960 NDIS - ok
14:32:49.0532 4960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:32:49.0703 4960 NdisCap - ok
14:32:49.0953 4960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:32:50.0078 4960 NdisTapi - ok
14:32:50.0343 4960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:32:50.0530 4960 Ndisuio - ok
14:32:50.0780 4960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:32:50.0842 4960 NdisWan - ok
14:32:51.0248 4960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:32:51.0482 4960 NDProxy - ok
14:32:51.0653 4960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:32:51.0794 4960 NetBIOS - ok
14:32:52.0215 4960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:32:52.0371 4960 NetBT - ok
14:32:52.0932 4960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:32:52.0964 4960 nfrd960 - ok
14:32:53.0213 4960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:32:53.0338 4960 Npfs - ok
14:32:53.0619 4960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:32:53.0759 4960 nsiproxy - ok
14:32:54.0102 4960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:32:54.0321 4960 Ntfs - ok
14:32:54.0695 4960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:32:54.0789 4960 Null - ok
14:32:55.0085 4960 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
14:32:55.0101 4960 NVHDA - ok
14:32:59.0157 4960 nvlddmkm (9fc53830053787fad2078f39d3ab68dc) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:32:59.0750 4960 nvlddmkm - ok
14:33:00.0093 4960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:33:00.0140 4960 nvraid - ok
14:33:00.0701 4960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:33:00.0717 4960 nvstor - ok
14:33:01.0310 4960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:33:01.0356 4960 nv_agp - ok
14:33:01.0590 4960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:33:03.0790 4960 ohci1394 - ok
14:33:04.0227 4960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:33:04.0258 4960 Parport - ok
14:33:04.0648 4960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:33:04.0679 4960 partmgr - ok
14:33:05.0288 4960 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
14:33:05.0303 4960 pavboot - ok
14:33:05.0896 4960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:33:05.0927 4960 pci - ok
14:33:06.0458 4960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:33:06.0473 4960 pciide - ok
14:33:06.0848 4960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:33:06.0863 4960 pcmcia - ok
14:33:07.0409 4960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:33:07.0440 4960 pcw - ok
14:33:08.0002 4960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:33:08.0158 4960 PEAUTH - ok
14:33:08.0486 4960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:33:08.0626 4960 PptpMiniport - ok
14:33:08.0938 4960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:33:09.0016 4960 Processor - ok
14:33:09.0328 4960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:33:09.0468 4960 Psched - ok
14:33:09.0983 4960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:33:10.0264 4960 ql2300 - ok
14:33:10.0779 4960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:33:10.0810 4960 ql40xx - ok
14:33:10.0841 4960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:33:10.0982 4960 QWAVEdrv - ok
14:33:11.0356 4960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:33:11.0434 4960 RasAcd - ok
14:33:12.0120 4960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:33:12.0198 4960 RasAgileVpn - ok
14:33:12.0573 4960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:33:12.0744 4960 Rasl2tp - ok
14:33:13.0041 4960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:33:13.0166 4960 RasPppoe - ok
14:33:14.0070 4960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:33:14.0148 4960 RasSstp - ok
14:33:14.0570 4960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:33:14.0757 4960 rdbss - ok
14:33:15.0084 4960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:33:15.0240 4960 rdpbus - ok
14:33:15.0490 4960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:33:15.0630 4960 RDPCDD - ok
14:33:15.0818 4960 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:33:15.0974 4960 RDPDR - ok
14:33:16.0566 4960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:33:16.0613 4960 RDPENCDD - ok
14:33:16.0988 4960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:33:17.0050 4960 RDPREFMP - ok
14:33:17.0378 4960 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:33:25.0068 4960 RdpVideoMiniport - ok
14:33:25.0318 4960 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:33:25.0396 4960 RDPWD - ok
14:33:26.0238 4960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:33:26.0270 4960 rdyboost - ok
14:33:27.0221 4960 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:33:27.0408 4960 RFCOMM - ok
14:33:28.0079 4960 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:33:28.0251 4960 RimUsb - ok
14:33:29.0140 4960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:33:29.0296 4960 rspndr - ok
14:33:29.0733 4960 RSUSBSTOR - ok
14:33:30.0950 4960 RTL8167 (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:33:31.0246 4960 RTL8167 - ok
14:33:32.0073 4960 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:33:32.0322 4960 s3cap - ok
14:33:32.0790 4960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:33:32.0822 4960 sbp2port - ok
14:33:33.0711 4960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:33:33.0914 4960 scfilter - ok
14:33:34.0460 4960 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:33:34.0616 4960 sdbus - ok
14:33:35.0006 4960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:33:35.0130 4960 secdrv - ok
14:33:35.0583 4960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:33:35.0630 4960 Serenum - ok
14:33:36.0051 4960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:33:36.0082 4960 Serial - ok
14:33:36.0566 4960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:33:36.0597 4960 sermouse - ok
14:33:36.0753 4960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:33:36.0940 4960 sffdisk - ok
14:33:37.0424 4960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:33:37.0611 4960 sffp_mmc - ok
14:33:38.0874 4960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:33:39.0842 4960 sffp_sd - ok
14:33:40.0341 4960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:33:40.0372 4960 sfloppy - ok
14:33:40.0809 4960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:33:40.0824 4960 SiSRaid2 - ok
14:33:41.0152 4960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:33:41.0183 4960 SiSRaid4 - ok
14:33:41.0776 4960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:33:41.0870 4960 Smb - ok
14:33:42.0353 4960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:33:42.0384 4960 spldr - ok
14:33:42.0540 4960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:33:42.0650 4960 srv - ok
14:33:42.0790 4960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:33:42.0868 4960 srv2 - ok
14:33:42.0977 4960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:33:43.0336 4960 srvnet - ok
14:33:43.0866 4960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:33:43.0882 4960 stexstor - ok
14:33:44.0397 4960 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
14:33:44.0615 4960 STHDA - ok
14:33:45.0005 4960 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:33:45.0036 4960 storflt - ok
14:33:45.0177 4960 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:33:46.0737 4960 storvsc - ok
14:33:47.0111 4960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:33:47.0127 4960 swenum - ok
14:33:47.0454 4960 Synth3dVsc - ok
14:33:48.0156 4960 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
14:33:48.0250 4960 SynTP - ok
14:33:49.0311 4960 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:33:49.0467 4960 Tcpip - ok
14:33:49.0716 4960 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:33:49.0779 4960 TCPIP6 - ok
14:33:50.0216 4960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:33:50.0387 4960 tcpipreg - ok
14:33:50.0668 4960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:33:50.0840 4960 TDPIPE - ok
14:33:51.0370 4960 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:33:51.0432 4960 TDTCP - ok
14:33:52.0025 4960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:33:52.0134 4960 tdx - ok
14:33:52.0353 4960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:33:52.0384 4960 TermDD - ok
14:33:52.0540 4960 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
14:33:52.0665 4960 truecrypt - ok
14:33:53.0070 4960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:33:53.0195 4960 tssecsrv - ok
14:33:53.0304 4960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:33:53.0429 4960 TsUsbFlt - ok
14:33:53.0445 4960 tsusbhub - ok
14:33:53.0648 4960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:33:53.0772 4960 tunnel - ok
14:33:53.0882 4960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:33:53.0913 4960 uagp35 - ok
14:33:54.0116 4960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:33:54.0209 4960 udfs - ok
14:33:54.0350 4960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:33:54.0365 4960 uliagpkx - ok
14:33:54.0662 4960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:33:54.0802 4960 umbus - ok
14:33:55.0052 4960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:33:55.0083 4960 UmPass - ok
14:33:55.0676 4960 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:33:55.0832 4960 usbaudio - ok
14:33:56.0768 4960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:33:56.0970 4960 usbccgp - ok
14:33:58.0312 4960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:33:58.0452 4960 usbcir - ok
14:33:58.0764 4960 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:33:58.0936 4960 usbehci - ok
14:33:59.0295 4960 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:33:59.0466 4960 usbhub - ok
14:33:59.0716 4960 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:33:59.0747 4960 usbohci - ok
14:34:00.0090 4960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:34:00.0215 4960 usbprint - ok
14:34:00.0761 4960 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:34:00.0917 4960 USBSTOR - ok
14:34:01.0510 4960 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:34:01.0572 4960 usbuhci - ok
14:34:01.0806 4960 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:34:01.0900 4960 usbvideo - ok
14:34:01.0947 4960 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
14:34:02.0056 4960 usb_rndisx - ok
14:34:02.0430 4960 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
14:34:02.0462 4960 VBoxNetAdp - ok
14:34:02.0633 4960 VBoxNetFlt - ok
14:34:02.0883 4960 VBoxUSB (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\Windows\system32\Drivers\VBoxUSB.sys
14:34:02.0898 4960 VBoxUSB - ok
14:34:03.0476 4960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:34:03.0491 4960 vdrvroot - ok
14:34:03.0772 4960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:34:03.0912 4960 vga - ok
14:34:04.0053 4960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:34:04.0224 4960 VgaSave - ok
14:34:04.0864 4960 VGPU - ok
14:34:05.0145 4960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:34:05.0176 4960 vhdmp - ok
14:34:05.0441 4960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:34:05.0457 4960 viaide - ok
14:34:05.0691 4960 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:34:05.0722 4960 vmbus - ok
14:34:06.0143 4960 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:34:06.0393 4960 VMBusHID - ok
14:34:06.0845 4960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:34:06.0876 4960 volmgr - ok
14:34:07.0173 4960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:34:07.0360 4960 volmgrx - ok
14:34:07.0719 4960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:34:07.0766 4960 volsnap - ok
14:34:08.0280 4960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:34:08.0327 4960 vsmraid - ok
14:34:08.0920 4960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:34:09.0092 4960 vwifibus - ok
14:34:09.0622 4960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:34:09.0965 4960 vwififlt - ok
14:34:10.0293 4960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:34:10.0418 4960 WacomPen - ok
14:34:10.0621 4960 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:34:11.0510 4960 WANARP - ok
14:34:11.0666 4960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:34:11.0728 4960 Wanarpv6 - ok
14:34:12.0196 4960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:34:12.0227 4960 Wd - ok
14:34:12.0508 4960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:34:12.0571 4960 Wdf01000 - ok
14:34:12.0976 4960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:34:16.0783 4960 WfpLwf - ok
14:34:17.0095 4960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:34:17.0126 4960 WIMMount - ok
14:34:17.0672 4960 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
14:34:17.0859 4960 WINUSB - ok
14:34:18.0467 4960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:34:18.0608 4960 WmiAcpi - ok
14:34:19.0013 4960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:34:19.0216 4960 ws2ifsl - ok
14:34:19.0731 4960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:34:20.0183 4960 WudfPf - ok
14:34:20.0480 4960 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:34:20.0558 4960 WUDFRd - ok
14:34:20.0636 4960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:34:20.0932 4960 \Device\Harddisk0\DR0 - ok
14:34:20.0932 4960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:34:21.0556 4960 \Device\Harddisk1\DR1 - ok
14:34:21.0572 4960 Boot (0x1200) (191c58afcbcc48a0877afcf304945e65) \Device\Harddisk0\DR0\Partition0
14:34:21.0572 4960 \Device\Harddisk0\DR0\Partition0 - ok
14:34:21.0587 4960 Boot (0x1200) (d49058e2d2b9cc411d9d7edcee4aada4) \Device\Harddisk0\DR0\Partition1
14:34:21.0587 4960 \Device\Harddisk0\DR0\Partition1 - ok
14:34:21.0587 4960 Boot (0x1200) (0d62821303dfbe6b60a7014e59e09559) \Device\Harddisk1\DR1\Partition0
14:34:21.0587 4960 \Device\Harddisk1\DR1\Partition0 - ok
14:34:21.0587 4960 ============================================================
14:34:21.0587 4960 Scan finished
14:34:21.0587 4960 ============================================================
14:34:23.0943 3576 Deinitialize success

==============================================
Last Created System Restore Point
==============================================
No restore point in system.
==============================================
EOF
Step 2
ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00]
Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter
2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics
2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt
2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET
2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech
2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs
2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox
2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root
2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android
2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android
2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle
2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java
2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc
2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC
2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC
2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind
2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind
2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak
2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox
2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 53620504
*Deregistered* - 53620504
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil

Abraham54 12 February 2012, 15:40

The ComboFix log is not complete!
But first do the following:
Which program: "aswMBR.exe"
Purpose: MBR rootkit scanner
Difficulty: none
Download location: This program must be downloaded to the desktop, or otherwise moved there!
Download aswMBR.exe here.
Using aswMBR.exe:
- Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
- Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.
- Click "No" in the next window.
- Now click the Scan button in the black window.
- When the message "Scan finished successfully" appears, click the Save log button.
- The easiest option is simply to choose the desktop as the location to save the log.
- You will now also find the file MBR.dat on the desktop!
- MBR.dat is a backup file, so keep it for now.
- There is also a Notepad text document named aswMBR.txt on the desktop.
- Post the contents of aswMBR.txt in your next message.
N.B.: make sure external hard drives/USB sticks are removed first.

vlindermeisje 12 February 2012, 16:04

I see it. I'll post it again. I ran aswMBR.exe first:
aswMBR:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 15:45:47
-----------------------------
15:45:47.905 OS Version: Windows x64 6.1.7601 Service Pack 1
15:45:47.905 Number of processors: 4 586 0x2502
15:45:47.905 ComputerName: vlindermeisje-LAPTOP UserName: vlindermeisje
15:45:54.098 Initialize success
15:45:55.643 AVAST engine defs: 12021200
15:46:06.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:46:06.001 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
15:46:06.017 Disk 0 MBR read successfully
15:46:06.017 Disk 0 MBR scan
15:46:06.048 Disk 0 Windows 7 default MBR code
15:46:06.063 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:46:06.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
15:46:06.079 Service scanning
15:46:10.353 Modules scanning
15:46:10.353 Disk 0 trace - called modules:
15:46:10.385 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
15:46:10.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800583f060]
15:46:10.400 3 CLASSPNP.SYS[fffff88001b6b43f] -> nt!IofCallDriver -> [0xfffffa80056d9b10]
15:46:10.416 5 hpdskflt.sys[fffff88001b12189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a14050]
15:46:11.711 AVAST engine scan C:\Windows
15:46:15.158 AVAST engine scan C:\Windows\system32
15:49:45.072 AVAST engine scan C:\Windows\system32\drivers
15:50:00.360 AVAST engine scan C:\Users\vlindermeisje
15:59:09.668 AVAST engine scan C:\ProgramData
15:59:49.979 Scan finished successfully
16:00:51.693 Disk 0 MBR has been saved successfully to "C:\Users\vlindermeisje\Desktop\MBR.dat"
16:00:51.708 The log file has been saved successfully to "C:\Users\vlindermeisje\Desktop\aswMBR.txt"
ComboFix attempt 2:
ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00]
Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter
2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics
2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt
2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET
2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech
2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs
2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox
2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root
2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android
2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android
2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle
2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java
2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc
2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC
2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC
2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind
2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind
2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak
2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox
2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 53620504
*Deregistered* - 53620504
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-02-12 15:21:18
ComboFix-quarantined-files.txt 2012-02-12 14:21
.
Pre-Run: 11.856.023.552 bytes free
Post-Run: 11.786.752.000 bytes free
.
- - End Of File - - 066145A7AA612E3BB173F290FA2C75B8

Abraham54 12 February 2012, 16:16

There is still a component of a previous Panda installation in your Windows.
Make sure all open web browser windows are closed.
Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad (or Kladblok)".
Copy and paste the following (bold, blue) text into the empty Notepad window:
ClearJavaCache::
File::
c:\windows\system32\drivers\pavboot64.sys
Driver::
pavboot64

Save this Notepad file to your desktop as CFScript.txt.
Now first disable the antivirus and any spyware scanners!
Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.
Post the ComboFix log that is shown after the restart, using the color coder!
In case ComboFix has restarted your computer (or you did so yourself), you can also find the log in C:\Combofix.txt
Important note:
If, after the scan, an error is shown when starting programs, with the message:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart the computer.

vlindermeisje 12 February 2012, 17:00

I did that. I just don't understand what you mean by posting via the color coder. Here is the log:
ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 16:22:52.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.2365 [GMT 1:00]
Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\vlindermeisje\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\pavboot64.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\pavboot64.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_pavboot
-------\Service_pavboot
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter
2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics
2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt
2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET
2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech
2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech
2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs
2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox
2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root
2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android
2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android
2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle
2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java
2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc
2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC
2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC
2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind
2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind
2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak
2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox
2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_14.17.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-12 15:34 33706 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-05 13:30 . 2012-02-12 15:34 8662 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1447412775-543404776-4026076476-1000_UserData.bin
- 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-11 21:07 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-12 15:31 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-05 14:59 . 2012-02-12 15:31 33839820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1447412775-543404776-4026076476-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
.
2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
"combofix"="c:\combofix\CF29422.3XE" [2010-11-20 345088]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-12 16:48:35 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-12 15:48
ComboFix2.txt 2012-02-12 14:21
.
Pre-Run: 11.831.844.864 bytes free
Post-Run: 11.630.362.624 bytes free
.
- - End Of File - - 0EBA08F9DC28C32FA252D84CF9B531A3

Abraham54 12 February 2012, 18:03

How did your Windows respond to the latest ComboFix scan?

vlindermeisje 12 February 2012, 19:58

No real change. The virus scanner is currently recognised by Windows (but it occasionally was before this too, so I don't know yet whether that is solved). However, it remains extremely slow (about 75% of the time). Right now it is also very slow and is at 94 to 99% physical memory use.

Abraham54 12 February 2012, 20:30

Then we move on to the next step:
Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
- Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
- Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja".
- When the update is done and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
- Select the option "Diep" if it is not already set that way by default.
- Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a long time, so wait patiently.
- You can close the window with the warning about an increased risk when the scan is done.
  Note:
  If you see this detection:
  C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK
  When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".
- Make sure all found items are ticked and then press the "verwijder geselecteerde" button. You will now get the following message, but click "Ja" here.
- When the removal is done, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
- Paste the contents of this log file in your next post.
- Now restart the computer.

vlindermeisje 13 February 2012, 20:52

Here is the log:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 12-2-2012 20:44:50
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 12-2-2012 20:45:23
C:\Users\vlindermeisje\Documents\Backups\Desktop\B&w\Black And White - Keygen.exe Ontdekt: Riskware.Keygen.BlackAnd.White!IK
Gescand
Bestanden: 1150982
Sporen: 404391
Cookies: 147
Processen: 59
Gevonden
Bestanden: 1
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 13-2-2012 0:23:10
Scantijd: 3:37:47

vlindermeisje 13 February 2012, 21:06

I just got the notification again that the virus scanner and Windows Defender are switched off. So that is still present too.

Abraham54 13 February 2012, 21:47

That you have at any rate used a keygen already says a lot about the problems!
the ESET online scan (Click).
- Click the ESET Online Scanner button
- Tick YES, I accept the Terms of Use
- Click Start
- Allow the ActiveX control to install.
- Tick the following options:
  - Remove found threats
  - Scan archives
- Then click "Advanced Settings"
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- The computer is now being scanned. This can take quite a long time, so be patient.
- Once the scan is finished, you may close the window.
- Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
- Select, copy and then paste the contents of this log in your next post.
N.B.: temporarily deactivate your own antivirus during the scan; the online scan is faster then!

vlindermeisje 14 February 2012, 06:37

I think it isn't that bad. That keygen is from at least 2 years ago (I didn't even know it was still on there; it must have come along with a backup) and I have not used it on this installation (2 months old). So I can't imagine that it would suddenly cause problems spontaneously after more than 2 years. But of course I could be mistaken. ;-)
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13a10c0234825842bf34666a9b471ed6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-14 12:06:30
# local_time=2012-02-14 01:06:30 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 613509 613509 0 0
# compatibility_mode=5893 16776573 100 94 7529 80796165 0 0
# compatibility_mode=8192 67108863 100 0 612039 612039 0 0
# scanned=273242
# found=0
# cleaned=0
# scan_time=11675

Abraham54 14 February 2012, 09:57

Hi vlindermeisje, regarding your remark about that keygen: I am glad that you have not used it.
So do remove those files with that keygen completely.
And from now on do not use keygens, cracks, etc. either, so that you are not exposed to infections in Windows that way!
One remark: Windows Defender is not necessary when using Avast!
Deactivating Windows Defender
To do that, go to "Start\Run"; the command is: services.msc.
Click the OK button.
N.B.: Run can also be started by pressing the Windows key and the R key at the same time.
In the Services window, scroll to Windows Defender.
Double-click that entry; under "Startup type", set the setting to "Disabled".
Now first click the Apply button; then click the Stop button, wait a moment and finally click OK.
After that you may close the Services window again.
As for Avast: Avast may be damaged.
So reinstall Avast; you may first have to uninstall Avast to do that.
Download link Avast 6 Free

vlindermeisje 14 February 2012, 20:34

I have indeed removed it in the meantime, from all my backups as well. I did indeed move away from keygens quite a while ago.
I have deactivated Windows Defender. I had already reinstalled Avast before posting this topic, but I will try this once more to be sure.

Abraham54 15 February 2012, 11:03

Just post a new HijackThis log.

vlindermeisje 16 February 2012, 20:08

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:05, on 16-2-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12113 bytes
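
Added example, not part of the original thread: a small Python triage of the O23 service lines in the log above. It assumes the log was produced by the 32-bit HijackThis on this 64-bit Windows 7 install, where WOW64 file system redirection makes files that exist in the native System32 show up as "(file missing)". The function names and verdict labels are hypothetical.

```python
import re

# Five O23 lines copied from the log above.
SAMPLE = r"""O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
"""

# display name, (service name), owner, image path, optional "(file missing)"
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def triage(line):
    """Return (service_name, verdict) for one O23 line, or None for other lines."""
    m = O23.match(line.strip())
    if m is None:
        return None
    if m["missing"]:
        # Assumption: a 32-bit scanner looked at System32 through WOW64
        # redirection, so the file must be rechecked from a 64-bit view
        # before it is treated as really absent.
        verdict = "recheck-native" if SYSTEM32.match(m["path"]) else "missing"
    elif m["owner"] == "Unknown owner":
        # File exists but the log shows no vendor name for it: review by hand.
        verdict = "no-vendor"
    else:
        verdict = "ok"
    return m["name"], verdict


def triage_log(text):
    """Triage every O23 line in a HijackThis log, skipping all other lines."""
    return [r for r in map(triage, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for name, verdict in triage_log(SAMPLE):
        print(f"{verdict:15} {name}")
```

Only the "missing" and "no-vendor" verdicts call for a closer look at the file itself; "recheck-native" entries such as lsass.exe should first be confirmed from a 64-bit tool.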

Abraham54 16 February 2012, 20:30

Looks good, the only thing I'm missing is Avast WebRep.
Are you still experiencing problems?
If so, which ones exactly?

vlindermeisje 17 February 2012, 18:56

Still the same problems (slow, almost 100 percent memory use) and a new problem. Since yesterday, when I press CTRL-ALT-DEL I get the message: "the logon process was unable to display security and logon options when CTRL + ALT + DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch."
I'm starting to wonder whether my laptop is simply defective. I haven't been able to google the message yet because I'm running a chkdsk and typing this on a small phone.

Marc H 17 February 2012, 19:24

Turn off your torrent client and see whether you still have problems then.
C:\Program Files (x86)\uTorrent\uTorrent.exe

vlindermeisje 17 February 2012, 20:26

Even without uTorrent I have these problems.
edit: I don't know if it means anything, but in safe mode (which I'm in now) I have no problems.

Marc H 17 February 2012, 22:02

Yes, that certainly does mean something. If it works well in safe mode, then at first glance nothing is broken in your computer, but there is a program active that isn't running properly.
Can you check which processes use a lot of time when the computer is slow?
Start Task Manager, go to the Processes tab and turn on "Show processes from all users", then under View choose "Select Columns..." and tick "CPU Time" and "Memory - Peak Working Set".
You can sort on the different columns by clicking the headers in the table. Maximize the window and then make two print screens, one sorted by the CPU Time column and one sorted by the Peak Working Set (memory) column (both sorted with the arrow pointing down).
You can upload both print screens to my Dropbox.

vlindermeisje 17 February 2012, 22:43

Thanks, they're in there.

Marc H 17 February 2012, 23:34

Had a quick look, but I don't see anything right off the bat that rings a bell for me. Processor load is fairly normal, by the looks of it.
I do see that you have very little memory free, but you already knew that.
So let's look in a bit more detail.
Can you download RAMMap from Microsoft: http://technet.microsoft.com/en-us/sysinternals/ff700229
Once that program has started, you can save the data as a log file. This file can be fairly large. Please put it in my Dropbox again.

Abraham54 18 February 2012, 09:50

Hi vlindermeisje, possibly something in your Windows is just as hyperactive as what I discovered with someone elsewhere.
Download and start using Process Explorer v15.13!
http://technet.microsoft.com/en-us/sysinternals/bb896653
This is what it looks like on my system:

In the other topic this process, wmpnetwk.exe, was the big culprit; it is the Windows Media Player Network Service.

vlindermeisje 18 February 2012, 12:06

Dear Abraham54 and Marc H,
I think I have found the problem, although I don't understand how it is possible. I had a certain mkv file on my desktop. I saw in Resource Monitor that this file was being read continuously (without my having opened it). After moving it to another folder and rebooting, my laptop works normally again. As soon as I open this mkv file from that folder in VLC, I get exactly the same problems again. These persist until I have restarted my laptop (even if I close VLC again). With other mkv files of about the same size (16 GB) I don't have this problem.
I don't know for certain yet whether this is the problem, but so far I haven't had any problems all morning.
If I do experience problems after all, I will carry out your steps (or you should advise me to do so anyway). In any case, thank you so much for all your help!!

Marc H 18 February 2012, 12:19

Hey, that's nice. :)
The MKV file is probably corrupt in some way.
I would just leave it at that; if it turns out that it still goes wrong, we can always continue troubleshooting.

Abraham54 18 February 2012, 12:42

Have that MKV file scanned by your antivirus and/or MBAM!
