
PC slow + virus scanner off?

Abraham54
28 replies
  • For about a week I have had problems with my Windows 7 laptop. It is, not continuously but very regularly, extremely slow. At those moments 100% CPU is in use, or close to 100% physical memory. At the same time I occasionally get a notification from Windows that Avast reports that Avast is switched off, while at that moment it is not switched off, and occasionally also that Windows Defender is switched off.

    I have tried several things but I cannot find the cause:
    1) ran a full scan with Avast; no malware
    2) ran a full scan with MBAM; no malware, see scan results below
    3) reinstalled Avast (because of the notification)
    4) ran an online scan (ESET); no malware

    I don't believe I have done anything unusual, but I am afraid, mainly because of the notification about my virus scanner, that I may have malware after all. I have not been able to discover what the differences are between the moments when the laptop is slow and when it is not. Enabling and disabling the network connection seems to make little or no difference.

    Can someone look at my HijackThis log or give another tip with which I can investigate further what is going on?

    MBAM
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.07.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    naam:: naam-LAPTOP [administrator]

    7-2-2012 6:51:01
    mbam-log-2012-02-07 (06-51-01).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 462637
    Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    HijackThis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:05:20, on 12-2-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12272 bytes
  • Hello vlindermeisje, then we will have to take a deeper look into your Windows.

    I would like you to follow the rules below during the fix:
    - Always read each instruction carefully first.
    - The instructions given apply only to your Windows.
    - If you make mistakes when running tools during the fix, this may cause serious problems in Windows.
    - Do not install any new programs, updates or new hardware while we are working on the fix.
    - Also do not use any programs or tools other than those I instruct you to use.
    - Please switch off emoticons (smileys) when you post a log.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - Also, if there is something you do not understand, say so.
    - The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

    Step 1
    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.
    Temporary download link: TDSSStarter

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then be started, and it will close again automatically when the scan is finished.
    - Now post the contents of the opened Notepad file in your next message.


    Step 2
    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
    Starting ComboFix:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step 3
    In summary: after this, post the contents of the following logs in your next message:
    - TDSSKStarter log
    - ComboFix.txt log
  • Hi Abraham54, thanks for your reply and your help.

    I have carried out the steps:

    Step 1

    14:31:14.0637 2560 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    14:31:14.0637 2560 ============================================================
    14:31:14.0637 2560 Current date / time: 2012/02/12 14:31:14.0637
    14:31:14.0637 2560 SystemInfo:
    14:31:14.0637 2560
    14:31:14.0637 2560 OS Version: 6.1.7601 ServicePack: 1.0
    14:31:14.0637 2560 Product type: Workstation
    14:31:14.0637 2560 ComputerName: vlindermeisje-LAPTOP
    14:31:14.0652 2560 UserName: vlindermeisje
    14:31:14.0652 2560 Windows directory: C:\Windows
    14:31:14.0652 2560 System windows directory: C:\Windows
    14:31:14.0652 2560 Running under WOW64
    14:31:14.0652 2560 Processor architecture: Intel x64
    14:31:14.0652 2560 Number of processors: 4
    14:31:14.0652 2560 Page size: 0x1000
    14:31:14.0652 2560 Boot type: Normal boot
    14:31:14.0652 2560 ============================================================
    14:31:17.0133 2560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:31:17.0164 2560 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:31:17.0179 2560 \Device\Harddisk0\DR0:
    14:31:17.0179 2560 MBR used
    14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
    14:31:17.0179 2560 \Device\Harddisk1\DR1:
    14:31:17.0179 2560 MBR used
    14:31:17.0179 2560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
    14:31:17.0601 2560 Initialize success
    14:31:17.0601 2560 ============================================================
    14:31:17.0647 4960 ============================================================
    14:31:17.0647 4960 Scan started
    14:31:17.0647 4960 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    14:31:17.0647 4960 ============================================================
    14:32:11.0499 4960 flpydisk - ok
    14:32:12.0232 4960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    14:32:12.0372 4960 FltMgr - ok
    14:32:12.0934 4960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    14:32:12.0965 4960 FsDepends - ok
    14:32:13.0230 4960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    14:32:13.0246 4960 Fs_Rec - ok
    14:32:13.0651 4960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    14:32:13.0683 4960 fvevol - ok
    14:32:14.0057 4960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:32:14.0073 4960 gagp30kx - ok
    14:32:14.0665 4960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    14:32:14.0743 4960 hcw85cir - ok
    14:32:15.0009 4960 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    14:32:15.0149 4960 HdAudAddService - ok
    14:32:15.0524 4960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    14:32:15.0617 4960 HDAudBus - ok
    14:32:16.0007 4960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    14:32:16.0116 4960 HidBatt - ok
    14:32:16.0350 4960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    14:32:16.0491 4960 HidBth - ok
    14:32:16.0912 4960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    14:32:17.0006 4960 HidIr - ok
    14:32:17.0286 4960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    14:32:17.0396 4960 HidUsb - ok
    14:32:17.0988 4960 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
    14:32:18.0020 4960 hpdskflt - ok
    14:32:18.0628 4960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    14:32:18.0659 4960 HpSAMD - ok
    14:32:19.0080 4960 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    14:32:19.0205 4960 HTCAND64 - ok
    14:32:19.0533 4960 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
    14:32:19.0564 4960 htcnprot - ok
    14:32:19.0907 4960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    14:32:20.0110 4960 HTTP - ok
    14:32:20.0484 4960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    14:32:20.0516 4960 hwpolicy - ok
    14:32:20.0952 4960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    14:32:21.0077 4960 i8042prt - ok
    14:32:21.0389 4960 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
    14:32:21.0420 4960 iaStor - ok
    14:32:21.0842 4960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    14:32:21.0904 4960 iaStorV - ok
    14:32:22.0372 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    14:32:22.0388 4960 iirsp - ok
    14:32:22.0622 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    14:32:22.0637 4960 intelide - ok
    14:32:22.0949 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    14:32:23.0090 4960 intelppm - ok
    14:32:23.0464 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:32:23.0542 4960 IpFilterDriver - ok
    14:32:23.0854 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    14:32:23.0994 4960 IPMIDRV - ok
    14:32:24.0322 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    14:32:24.0587 4960 IPNAT - ok
    14:32:25.0008 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    14:32:25.0149 4960 IRENUM - ok
    14:32:25.0773 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    14:32:25.0788 4960 isapnp - ok
    14:32:26.0225 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    14:32:26.0288 4960 iScsiPrt - ok
    14:32:26.0631 4960 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
    14:32:26.0662 4960 JMCR - ok
    14:32:27.0255 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    14:32:27.0286 4960 kbdclass - ok
    14:32:27.0770 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    14:32:27.0832 4960 kbdhid - ok
    14:32:28.0253 4960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    14:32:28.0284 4960 KSecDD - ok
    14:32:28.0643 4960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    14:32:28.0706 4960 KSecPkg - ok
    14:32:29.0283 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    14:32:29.0439 4960 ksthunk - ok
    14:32:29.0766 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    14:32:29.0907 4960 lltdio - ok
    14:32:30.0546 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    14:32:30.0578 4960 LSI_FC - ok
    14:32:31.0092 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    14:32:31.0124 4960 LSI_SAS - ok
    14:32:31.0451 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    14:32:31.0467 4960 LSI_SAS2 - ok
    14:32:31.0950 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    14:32:31.0966 4960 LSI_SCSI - ok
    14:32:32.0387 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    14:32:32.0543 4960 luafv - ok
    14:32:33.0120 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    14:32:33.0152 4960 megasas - ok
    14:32:33.0651 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    14:32:33.0666 4960 MegaSR - ok
    14:32:34.0197 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    14:32:34.0353 4960 Modem - ok
    14:32:34.0727 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    14:32:34.0868 4960 monitor - ok
    14:32:35.0304 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    14:32:35.0320 4960 mouclass - ok
    14:32:36.0100 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    14:32:36.0240 4960 mouhid - ok
    14:32:36.0771 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    14:32:36.0786 4960 mountmgr - ok
    14:32:37.0114 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    14:32:37.0145 4960 mpio - ok
    14:32:37.0691 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    14:32:37.0785 4960 mpsdrv - ok
    14:32:38.0300 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    14:32:38.0409 4960 MRxDAV - ok
    14:32:38.0892 4960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:32:38.0986 4960 mrxsmb - ok
    14:32:39.0423 4960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:32:39.0797 4960 mrxsmb10 - ok
    14:32:40.0593 4960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:32:40.0733 4960 mrxsmb20 - ok
    14:32:41.0279 4960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    14:32:41.0295 4960 msahci - ok
    14:32:41.0778 4960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    14:32:41.0810 4960 msdsm - ok
    14:32:42.0324 4960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    14:32:42.0465 4960 Msfs - ok
    14:32:43.0151 4960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    14:32:43.0448 4960 mshidkmdf - ok
    14:32:43.0713 4960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    14:32:43.0728 4960 msisadrv - ok
    14:32:44.0118 4960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    14:32:44.0196 4960 MSKSSRV - ok
    14:32:44.0742 4960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:32:44.0805 4960 MSPCLOCK - ok
    14:32:45.0320 4960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    14:32:45.0507 4960 MSPQM - ok
    14:32:46.0037 4960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    14:32:46.0053 4960 MsRPC - ok
    14:32:46.0396 4960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    14:32:46.0412 4960 mssmbios - ok
    14:32:46.0677 4960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    14:32:46.0724 4960 MSTEE - ok
    14:32:47.0067 4960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    14:32:47.0223 4960 MTConfig - ok
    14:32:47.0738 4960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    14:32:47.0753 4960 Mup - ok
    14:32:48.0393 4960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    14:32:48.0502 4960 NativeWifiP - ok
    14:32:49.0095 4960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    14:32:49.0266 4960 NDIS - ok
    14:32:49.0532 4960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    14:32:49.0703 4960 NdisCap - ok
    14:32:49.0953 4960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:32:50.0078 4960 NdisTapi - ok
    14:32:50.0343 4960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:32:50.0530 4960 Ndisuio - ok
    14:32:50.0780 4960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:32:50.0842 4960 NdisWan - ok
    14:32:51.0248 4960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    14:32:51.0482 4960 NDProxy - ok
    14:32:51.0653 4960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    14:32:51.0794 4960 NetBIOS - ok
    14:32:52.0215 4960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    14:32:52.0371 4960 NetBT - ok
    14:32:52.0932 4960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    14:32:52.0964 4960 nfrd960 - ok
    14:32:53.0213 4960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    14:32:53.0338 4960 Npfs - ok
    14:32:53.0619 4960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    14:32:53.0759 4960 nsiproxy - ok
    14:32:54.0102 4960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    14:32:54.0321 4960 Ntfs - ok
    14:32:54.0695 4960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    14:32:54.0789 4960 Null - ok
    14:32:55.0085 4960 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
    14:32:55.0101 4960 NVHDA - ok
    14:32:59.0157 4960 nvlddmkm (9fc53830053787fad2078f39d3ab68dc) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    14:32:59.0750 4960 nvlddmkm - ok
    14:33:00.0093 4960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    14:33:00.0140 4960 nvraid - ok
    14:33:00.0701 4960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    14:33:00.0717 4960 nvstor - ok
    14:33:01.0310 4960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    14:33:01.0356 4960 nv_agp - ok
    14:33:01.0590 4960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    14:33:03.0790 4960 ohci1394 - ok
    14:33:04.0227 4960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    14:33:04.0258 4960 Parport - ok
    14:33:04.0648 4960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    14:33:04.0679 4960 partmgr - ok
    14:33:05.0288 4960 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
    14:33:05.0303 4960 pavboot - ok
    14:33:05.0896 4960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    14:33:05.0927 4960 pci - ok
    14:33:06.0458 4960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    14:33:06.0473 4960 pciide - ok
    14:33:06.0848 4960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    14:33:06.0863 4960 pcmcia - ok
    14:33:07.0409 4960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    14:33:07.0440 4960 pcw - ok
    14:33:08.0002 4960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    14:33:08.0158 4960 PEAUTH - ok
    14:33:08.0486 4960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    14:33:08.0626 4960 PptpMiniport - ok
    14:33:08.0938 4960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    14:33:09.0016 4960 Processor - ok
    14:33:09.0328 4960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    14:33:09.0468 4960 Psched - ok
    14:33:09.0983 4960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    14:33:10.0264 4960 ql2300 - ok
    14:33:10.0779 4960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    14:33:10.0810 4960 ql40xx - ok
    14:33:10.0841 4960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    14:33:10.0982 4960 QWAVEdrv - ok
    14:33:11.0356 4960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    14:33:11.0434 4960 RasAcd - ok
    14:33:12.0120 4960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:33:12.0198 4960 RasAgileVpn - ok
    14:33:12.0573 4960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:33:12.0744 4960 Rasl2tp - ok
    14:33:13.0041 4960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:33:13.0166 4960 RasPppoe - ok
    14:33:14.0070 4960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    14:33:14.0148 4960 RasSstp - ok
    14:33:14.0570 4960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    14:33:14.0757 4960 rdbss - ok
    14:33:15.0084 4960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    14:33:15.0240 4960 rdpbus - ok
    14:33:15.0490 4960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:33:15.0630 4960 RDPCDD - ok
    14:33:15.0818 4960 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    14:33:15.0974 4960 RDPDR - ok
    14:33:16.0566 4960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    14:33:16.0613 4960 RDPENCDD - ok
    14:33:16.0988 4960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    14:33:17.0050 4960 RDPREFMP - ok
    14:33:17.0378 4960 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    14:33:25.0068 4960 RdpVideoMiniport - ok
    14:33:25.0318 4960 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    14:33:25.0396 4960 RDPWD - ok
    14:33:26.0238 4960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    14:33:26.0270 4960 rdyboost - ok
    14:33:27.0221 4960 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    14:33:27.0408 4960 RFCOMM - ok
    14:33:28.0079 4960 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    14:33:28.0251 4960 RimUsb - ok
    14:33:29.0140 4960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    14:33:29.0296 4960 rspndr - ok
    14:33:29.0733 4960 RSUSBSTOR - ok
    14:33:30.0950 4960 RTL8167 (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys
    14:33:31.0246 4960 RTL8167 - ok
    14:33:32.0073 4960 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    14:33:32.0322 4960 s3cap - ok
    14:33:32.0790 4960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    14:33:32.0822 4960 sbp2port - ok
    14:33:33.0711 4960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    14:33:33.0914 4960 scfilter - ok
    14:33:34.0460 4960 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    14:33:34.0616 4960 sdbus - ok
    14:33:35.0006 4960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    14:33:35.0130 4960 secdrv - ok
    14:33:35.0583 4960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    14:33:35.0630 4960 Serenum - ok
    14:33:36.0051 4960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    14:33:36.0082 4960 Serial - ok
    14:33:36.0566 4960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    14:33:36.0597 4960 sermouse - ok
    14:33:36.0753 4960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    14:33:36.0940 4960 sffdisk - ok
    14:33:37.0424 4960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    14:33:37.0611 4960 sffp_mmc - ok
    14:33:38.0874 4960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    14:33:39.0842 4960 sffp_sd - ok
    14:33:40.0341 4960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    14:33:40.0372 4960 sfloppy - ok
    14:33:40.0809 4960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:33:40.0824 4960 SiSRaid2 - ok
    14:33:41.0152 4960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    14:33:41.0183 4960 SiSRaid4 - ok
    14:33:41.0776 4960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    14:33:41.0870 4960 Smb - ok
    14:33:42.0353 4960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    14:33:42.0384 4960 spldr - ok
    14:33:42.0540 4960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    14:33:42.0650 4960 srv - ok
    14:33:42.0790 4960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    14:33:42.0868 4960 srv2 - ok
    14:33:42.0977 4960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    14:33:43.0336 4960 srvnet - ok
    14:33:43.0866 4960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    14:33:43.0882 4960 stexstor - ok
    14:33:44.0397 4960 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
    14:33:44.0615 4960 STHDA - ok
    14:33:45.0005 4960 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    14:33:45.0036 4960 storflt - ok
    14:33:45.0177 4960 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    14:33:46.0737 4960 storvsc - ok
    14:33:47.0111 4960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    14:33:47.0127 4960 swenum - ok
    14:33:47.0454 4960 Synth3dVsc - ok
    14:33:48.0156 4960 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
    14:33:48.0250 4960 SynTP - ok
    14:33:49.0311 4960 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    14:33:49.0467 4960 Tcpip - ok
    14:33:49.0716 4960 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    14:33:49.0779 4960 TCPIP6 - ok
    14:33:50.0216 4960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    14:33:50.0387 4960 tcpipreg - ok
    14:33:50.0668 4960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    14:33:50.0840 4960 TDPIPE - ok
    14:33:51.0370 4960 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    14:33:51.0432 4960 TDTCP - ok
    14:33:52.0025 4960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    14:33:52.0134 4960 tdx - ok
    14:33:52.0353 4960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    14:33:52.0384 4960 TermDD - ok
    14:33:52.0540 4960 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
    14:33:52.0665 4960 truecrypt - ok
    14:33:53.0070 4960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:33:53.0195 4960 tssecsrv - ok
    14:33:53.0304 4960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    14:33:53.0429 4960 TsUsbFlt - ok
    14:33:53.0445 4960 tsusbhub - ok
    14:33:53.0648 4960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    14:33:53.0772 4960 tunnel - ok
    14:33:53.0882 4960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    14:33:53.0913 4960 uagp35 - ok
    14:33:54.0116 4960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    14:33:54.0209 4960 udfs - ok
    14:33:54.0350 4960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    14:33:54.0365 4960 uliagpkx - ok
    14:33:54.0662 4960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    14:33:54.0802 4960 umbus - ok
    14:33:55.0052 4960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    14:33:55.0083 4960 UmPass - ok
    14:33:55.0676 4960 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    14:33:55.0832 4960 usbaudio - ok
    14:33:56.0768 4960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:33:56.0970 4960 usbccgp - ok
    14:33:58.0312 4960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    14:33:58.0452 4960 usbcir - ok
    14:33:58.0764 4960 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    14:33:58.0936 4960 usbehci - ok
    14:33:59.0295 4960 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    14:33:59.0466 4960 usbhub - ok
    14:33:59.0716 4960 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    14:33:59.0747 4960 usbohci - ok
    14:34:00.0090 4960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    14:34:00.0215 4960 usbprint - ok
    14:34:00.0761 4960 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:34:00.0917 4960 USBSTOR - ok
    14:34:01.0510 4960 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    14:34:01.0572 4960 usbuhci - ok
    14:34:01.0806 4960 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    14:34:01.0900 4960 usbvideo - ok
    14:34:01.0947 4960 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    14:34:02.0056 4960 usb_rndisx - ok
    14:34:02.0430 4960 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    14:34:02.0462 4960 VBoxNetAdp - ok
    14:34:02.0633 4960 VBoxNetFlt - ok
    14:34:02.0883 4960 VBoxUSB (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\Windows\system32\Drivers\VBoxUSB.sys
    14:34:02.0898 4960 VBoxUSB - ok
    14:34:03.0476 4960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    14:34:03.0491 4960 vdrvroot - ok
    14:34:03.0772 4960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:34:03.0912 4960 vga - ok
    14:34:04.0053 4960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    14:34:04.0224 4960 VgaSave - ok
    14:34:04.0864 4960 VGPU - ok
    14:34:05.0145 4960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    14:34:05.0176 4960 vhdmp - ok
    14:34:05.0441 4960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    14:34:05.0457 4960 viaide - ok
    14:34:05.0691 4960 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    14:34:05.0722 4960 vmbus - ok
    14:34:06.0143 4960 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    14:34:06.0393 4960 VMBusHID - ok
    14:34:06.0845 4960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    14:34:06.0876 4960 volmgr - ok
    14:34:07.0173 4960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    14:34:07.0360 4960 volmgrx - ok
    14:34:07.0719 4960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    14:34:07.0766 4960 volsnap - ok
    14:34:08.0280 4960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    14:34:08.0327 4960 vsmraid - ok
    14:34:08.0920 4960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    14:34:09.0092 4960 vwifibus - ok
    14:34:09.0622 4960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    14:34:09.0965 4960 vwififlt - ok
    14:34:10.0293 4960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    14:34:10.0418 4960 WacomPen - ok
    14:34:10.0621 4960 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    14:34:11.0510 4960 WANARP - ok
    14:34:11.0666 4960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    14:34:11.0728 4960 Wanarpv6 - ok
    14:34:12.0196 4960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    14:34:12.0227 4960 Wd - ok
    14:34:12.0508 4960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    14:34:12.0571 4960 Wdf01000 - ok
    14:34:12.0976 4960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    14:34:16.0783 4960 WfpLwf - ok
    14:34:17.0095 4960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    14:34:17.0126 4960 WIMMount - ok
    14:34:17.0672 4960 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
    14:34:17.0859 4960 WINUSB - ok
    14:34:18.0467 4960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    14:34:18.0608 4960 WmiAcpi - ok
    14:34:19.0013 4960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    14:34:19.0216 4960 ws2ifsl - ok
    14:34:19.0731 4960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    14:34:20.0183 4960 WudfPf - ok
    14:34:20.0480 4960 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:34:20.0558 4960 WUDFRd - ok
    14:34:20.0636 4960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:34:20.0932 4960 \Device\Harddisk0\DR0 - ok
    14:34:20.0932 4960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    14:34:21.0556 4960 \Device\Harddisk1\DR1 - ok
    14:34:21.0572 4960 Boot (0x1200) (191c58afcbcc48a0877afcf304945e65) \Device\Harddisk0\DR0\Partition0
    14:34:21.0572 4960 \Device\Harddisk0\DR0\Partition0 - ok
    14:34:21.0587 4960 Boot (0x1200) (d49058e2d2b9cc411d9d7edcee4aada4) \Device\Harddisk0\DR0\Partition1
    14:34:21.0587 4960 \Device\Harddisk0\DR0\Partition1 - ok
    14:34:21.0587 4960 Boot (0x1200) (0d62821303dfbe6b60a7014e59e09559) \Device\Harddisk1\DR1\Partition0
    14:34:21.0587 4960 \Device\Harddisk1\DR1\Partition0 - ok
    14:34:21.0587 4960 ============================================================
    14:34:21.0587 4960 Scan finished
    14:34:21.0587 4960 ============================================================
    14:34:23.0943 3576 Deinitialize success

    ==============================================
    Last Created System Restore Point
    ==============================================
    No restore point in system.
    ==============================================
    EOF

    Step 2

    ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00]
    Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 13:30 . 2012-02-12 13:34 ——– d—–w- C:\TDSSStarter
    2012-02-12 09:12 . 2012-02-12 09:12 ——– d—–w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
    2012-02-12 09:11 . 2012-02-12 09:11 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Diagnostics
    2012-02-11 05:36 . 2012-01-06 05:15 8602168 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
    2012-02-06 20:05 . 2012-02-06 20:05 ——– d—–w- c:\windows\system32\appmgmt
    2012-02-06 19:51 . 2012-02-06 19:51 ——– d—–w- c:\program files (x86)\ESET
    2012-02-06 19:26 . 2012-02-06 19:26 388096 —-a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 19:26 . 2012-02-06 19:26 ——– d—–w- c:\program files (x86)\Trend Micro
    2012-02-05 17:48 . 2011-11-28 17:53 304472 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-05 17:48 . 2011-11-28 17:51 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-05 17:47 . 2011-11-28 17:52 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-05 17:47 . 2011-11-28 17:52 58712 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-05 17:47 . 2011-11-28 17:54 591192 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-05 17:47 . 2011-11-28 17:52 66904 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-05 17:44 . 2011-11-28 18:01 41184 —-a-w- c:\windows\avastSS.scr
    2012-02-05 17:44 . 2011-11-28 18:01 199816 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2012-02-05 08:34 . 2012-02-05 08:34 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\programdata\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-05 08:33 . 2011-12-10 14:24 23152 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 14:17 . 2012-02-03 14:17 ——– d—–w- c:\users\vlindermeisje\Logitech
    2012-02-03 14:16 . 2012-02-03 14:17 ——– d—–w- c:\program files (x86)\Common Files\Remote Control Software Common
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Logitech
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Common Files\Remote Control USB Driver
    2012-02-03 14:15 . 2006-02-07 14:44 65024 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-02-03 14:15 . 2012-02-03 14:15 200836 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-02-03 14:15 . 2006-02-07 14:45 757760 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-02-03 14:15 . 2006-02-07 14:40 204800 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-02-03 14:15 . 2006-02-07 14:40 69715 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-02-03 14:15 . 2006-02-07 14:40 274432 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-02-03 14:15 . 2006-02-07 14:39 32768 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-02-03 14:15 . 2005-11-13 22:19 5632 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-02-03 14:15 . 2012-02-03 14:15 331908 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-01-28 10:20 . 2012-01-28 10:20 ——– d—–w- c:\users\vlindermeisje\VirtualBox VMs
    2012-01-28 10:19 . 2012-02-04 16:53 ——– d—–w- c:\users\vlindermeisje\.VirtualBox
    2012-01-28 10:18 . 2011-12-19 12:45 224048 —-a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-01-28 10:18 . 2012-02-05 16:05 ——– dc—-w- c:\windows\system32\DRVSTORE
    2012-01-28 10:18 . 2011-12-19 12:45 130864 —-a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-01-27 19:25 . 2012-01-27 20:23 ——– d—–w- C:\android_root
    2012-01-27 18:18 . 2012-01-27 18:23 ——– d—–w- c:\users\vlindermeisje\.android
    2012-01-27 18:17 . 2012-01-27 18:17 ——– d—–w- c:\program files (x86)\Android
    2012-01-27 18:16 . 2012-02-05 16:05 ——– d—–w- c:\program files\Oracle
    2012-01-27 18:15 . 2011-11-08 18:40 750488 —-a-w- c:\windows\system32\npdeployJava1.dll
    2012-01-27 18:15 . 2011-11-08 18:40 660368 —-a-w- c:\windows\system32\deployJava1.dll
    2012-01-27 18:13 . 2012-01-27 18:15 ——– d—–w- c:\program files\Java
    2012-01-27 18:13 . 2012-02-06 18:41 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Htc
    2012-01-27 18:13 . 2012-01-27 18:14 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\HTC
    2012-01-27 18:10 . 2012-01-27 18:10 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
    2012-01-27 18:09 . 2012-01-27 18:09 ——– d—–w- c:\program files (x86)\Spirent Communications
    2012-01-27 18:09 . 2012-01-27 18:12 ——– d—–w- c:\program files (x86)\HTC
    2012-01-21 19:04 . 2012-01-25 17:54 ——– d—–w- c:\users\vlindermeisje\.freemind
    2012-01-21 19:04 . 2012-01-21 19:04 ——– d—–w- c:\program files (x86)\FreeMind
    2012-01-19 12:46 . 2012-01-19 12:46 ——– d—–w- c:\program files (x86)\KeyTweak
    2012-01-15 12:07 . 2012-02-12 07:47 ——– d—–r- c:\users\vlindermeisje\Dropbox
    2012-01-15 12:05 . 2012-02-12 07:47 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 23:52 . 2011-11-05 13:18 279656 ——w- c:\windows\system32\MpSigStub.exe
    2012-01-04 16:02 . 2012-01-04 16:02 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-19 12:45 . 2011-12-19 12:45 146736 —-a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-12-19 12:45 . 2011-12-19 12:45 117040 —-a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2011-12-16 21:31 . 2011-03-28 17:36 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-14 22:26 . 2011-12-14 22:26 91648 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 89088 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 85504 —-a-w- c:\windows\system32\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\system32\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 63488 —-a-w- c:\windows\SysWow64\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 603648 —-a-w- c:\windows\system32\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 49664 —-a-w- c:\windows\system32\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 448512 —-a-w- c:\windows\system32\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 420864 —-a-w- c:\windows\SysWow64\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 367104 —-a-w- c:\windows\SysWow64\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 35840 —-a-w- c:\windows\SysWow64\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 30720 —-a-w- c:\windows\system32\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 23552 —-a-w- c:\windows\SysWow64\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2309120 —-a-w- c:\windows\system32\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 222208 —-a-w- c:\windows\system32\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1798144 —-a-w- c:\windows\SysWow64\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 173056 —-a-w- c:\windows\system32\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 165888 —-a-w- c:\windows\system32\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 160256 —-a-w- c:\windows\system32\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 152064 —-a-w- c:\windows\SysWow64\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1493504 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1427456 —-a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 1390080 —-a-w- c:\windows\system32\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 135168 —-a-w- c:\windows\system32\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 12288 —-a-w- c:\windows\system32\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 11776 —-a-w- c:\windows\SysWow64\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 114176 —-a-w- c:\windows\system32\admparse.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1127424 —-a-w- c:\windows\SysWow64\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 111616 —-a-w- c:\windows\system32\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 101888 —-a-w- c:\windows\SysWow64\admparse.dll
    2011-12-07 21:49 . 2011-12-07 21:49 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-11-05 13:23 256960 —-a-w- c:\windows\system32\aswBoot.exe
    2011-11-24 04:52 . 2011-12-14 18:05 3145216 —-a-w- c:\windows\system32\win32k.sys
    2011-11-20 10:09 . 2011-12-10 18:32 74752 —-a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-11-19 14:58 . 2012-01-11 14:17 77312 —-a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 14:17 67072 —-a-w- c:\windows\SysWow64\packager.dll
    2011-11-17 06:49 . 2012-01-12 19:50 152432 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 06:49 . 2012-01-12 19:50 95600 —-a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 06:44 . 2012-01-12 19:50 459232 —-a-w- c:\windows\system32\drivers\cng.sys
    2011-11-17 06:41 . 2012-01-11 14:17 1731920 —-a-w- c:\windows\system32\ntdll.dll
    2011-11-17 06:35 . 2012-01-12 19:50 395776 —-a-w- c:\windows\system32\webio.dll
    2011-11-17 06:35 . 2012-01-12 19:50 136192 —-a-w- c:\windows\system32\sspicli.dll
    2011-11-17 06:35 . 2012-01-12 19:50 29184 —-a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 06:35 . 2012-01-12 19:50 340992 —-a-w- c:\windows\system32\schannel.dll
    2011-11-17 06:35 . 2012-01-12 19:50 28160 —-a-w- c:\windows\system32\secur32.dll
    2011-11-17 06:35 . 2012-01-12 19:50 1447936 —-a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 06:33 . 2012-01-12 19:50 31232 —-a-w- c:\windows\system32\lsass.exe
    2011-11-17 05:38 . 2012-01-11 14:17 1292080 —-a-w- c:\windows\SysWow64\ntdll.dll
    2011-11-17 05:35 . 2012-01-12 19:50 314880 —-a-w- c:\windows\SysWow64\webio.dll
    2011-11-17 05:34 . 2012-01-12 19:50 224768 —-a-w- c:\windows\SysWow64\schannel.dll
    2011-11-17 05:34 . 2012-01-12 19:50 22016 —-a-w- c:\windows\SysWow64\secur32.dll
    2011-11-17 05:28 . 2012-01-12 19:50 96768 —-a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - 53620504
    *Deregistered* - 53620504
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 —-a-w- c:\windows\System32\cmd.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil
  • The ComboFix log is not complete!

    But first do the following:

    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.

    - In the next window, click "No".
    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.
    - The easiest option is simply to choose the desktop as the save location for the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for now.
    - Also on the desktop is a Notepad text document named aswMBR.txt.
    - Post the contents of aswMBR.txt in your next message.

    N.B.: make sure that external HDs/USB sticks are removed first.
  • I see. I'll post it again. I ran aswMBR.exe first:

    aswMBR:
    aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
    Run date: 2012-02-12 15:45:47
    —————————–
    15:45:47.905 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:45:47.905 Number of processors: 4 586 0x2502
    15:45:47.905 ComputerName: vlindermeisje-LAPTOP UserName: vlindermeisje
    15:45:54.098 Initialize success
    15:45:55.643 AVAST engine defs: 12021200
    15:46:06.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:46:06.001 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
    15:46:06.017 Disk 0 MBR read successfully
    15:46:06.017 Disk 0 MBR scan
    15:46:06.048 Disk 0 Windows 7 default MBR code
    15:46:06.063 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:46:06.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
    15:46:06.079 Service scanning
    15:46:10.353 Modules scanning
    15:46:10.353 Disk 0 trace - called modules:
    15:46:10.385 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    15:46:10.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800583f060]
    15:46:10.400 3 CLASSPNP.SYS[fffff88001b6b43f] -> nt!IofCallDriver -> [0xfffffa80056d9b10]
    15:46:10.416 5 hpdskflt.sys[fffff88001b12189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a14050]
    15:46:11.711 AVAST engine scan C:\Windows
    15:46:15.158 AVAST engine scan C:\Windows\system32
    15:49:45.072 AVAST engine scan C:\Windows\system32\drivers
    15:50:00.360 AVAST engine scan C:\Users\vlindermeisje
    15:59:09.668 AVAST engine scan C:\ProgramData
    15:59:49.979 Scan finished successfully
    16:00:51.693 Disk 0 MBR has been saved successfully to "C:\Users\vlindermeisje\Desktop\MBR.dat"
    16:00:51.708 The log file has been saved successfully to "C:\Users\vlindermeisje\Desktop\aswMBR.txt"



    combofix attempt 2:
    ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00]
    Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 13:30 . 2012-02-12 13:34 ——– d—–w- C:\TDSSStarter
    2012-02-12 09:12 . 2012-02-12 09:12 ——– d—–w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
    2012-02-12 09:11 . 2012-02-12 09:11 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Diagnostics
    2012-02-11 05:36 . 2012-01-06 05:15 8602168 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
    2012-02-06 20:05 . 2012-02-06 20:05 ——– d—–w- c:\windows\system32\appmgmt
    2012-02-06 19:51 . 2012-02-06 19:51 ——– d—–w- c:\program files (x86)\ESET
    2012-02-06 19:26 . 2012-02-06 19:26 388096 —-a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 19:26 . 2012-02-06 19:26 ——– d—–w- c:\program files (x86)\Trend Micro
    2012-02-05 17:48 . 2011-11-28 17:53 304472 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-05 17:48 . 2011-11-28 17:51 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-05 17:47 . 2011-11-28 17:52 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-05 17:47 . 2011-11-28 17:52 58712 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-05 17:47 . 2011-11-28 17:54 591192 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-05 17:47 . 2011-11-28 17:52 66904 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-05 17:44 . 2011-11-28 18:01 41184 —-a-w- c:\windows\avastSS.scr
    2012-02-05 17:44 . 2011-11-28 18:01 199816 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2012-02-05 08:34 . 2012-02-05 08:34 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\programdata\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-05 08:33 . 2011-12-10 14:24 23152 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 14:17 . 2012-02-03 14:17 ——– d—–w- c:\users\vlindermeisje\Logitech
    2012-02-03 14:16 . 2012-02-03 14:17 ——– d—–w- c:\program files (x86)\Common Files\Remote Control Software Common
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Logitech
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Common Files\Remote Control USB Driver
    2012-02-03 14:15 . 2006-02-07 14:44 65024 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-02-03 14:15 . 2012-02-03 14:15 200836 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-02-03 14:15 . 2006-02-07 14:45 757760 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-02-03 14:15 . 2006-02-07 14:40 204800 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-02-03 14:15 . 2006-02-07 14:40 69715 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-02-03 14:15 . 2006-02-07 14:40 274432 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-02-03 14:15 . 2006-02-07 14:39 32768 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-02-03 14:15 . 2005-11-13 22:19 5632 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-02-03 14:15 . 2012-02-03 14:15 331908 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-01-28 10:20 . 2012-01-28 10:20 ——– d—–w- c:\users\vlindermeisje\VirtualBox VMs
    2012-01-28 10:19 . 2012-02-04 16:53 ——– d—–w- c:\users\vlindermeisje\.VirtualBox
    2012-01-28 10:18 . 2011-12-19 12:45 224048 —-a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-01-28 10:18 . 2012-02-05 16:05 ——– dc—-w- c:\windows\system32\DRVSTORE
    2012-01-28 10:18 . 2011-12-19 12:45 130864 —-a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-01-27 19:25 . 2012-01-27 20:23 ——– d—–w- C:\android_root
    2012-01-27 18:18 . 2012-01-27 18:23 ——– d—–w- c:\users\vlindermeisje\.android
    2012-01-27 18:17 . 2012-01-27 18:17 ——– d—–w- c:\program files (x86)\Android
    2012-01-27 18:16 . 2012-02-05 16:05 ——– d—–w- c:\program files\Oracle
    2012-01-27 18:15 . 2011-11-08 18:40 750488 —-a-w- c:\windows\system32\npdeployJava1.dll
    2012-01-27 18:15 . 2011-11-08 18:40 660368 —-a-w- c:\windows\system32\deployJava1.dll
    2012-01-27 18:13 . 2012-01-27 18:15 ——– d—–w- c:\program files\Java
    2012-01-27 18:13 . 2012-02-06 18:41 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Htc
    2012-01-27 18:13 . 2012-01-27 18:14 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\HTC
    2012-01-27 18:10 . 2012-01-27 18:10 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
    2012-01-27 18:09 . 2012-01-27 18:09 ——– d—–w- c:\program files (x86)\Spirent Communications
    2012-01-27 18:09 . 2012-01-27 18:12 ——– d—–w- c:\program files (x86)\HTC
    2012-01-21 19:04 . 2012-01-25 17:54 ——– d—–w- c:\users\vlindermeisje\.freemind
    2012-01-21 19:04 . 2012-01-21 19:04 ——– d—–w- c:\program files (x86)\FreeMind
    2012-01-19 12:46 . 2012-01-19 12:46 ——– d—–w- c:\program files (x86)\KeyTweak
    2012-01-15 12:07 . 2012-02-12 07:47 ——– d—–r- c:\users\vlindermeisje\Dropbox
    2012-01-15 12:05 . 2012-02-12 07:47 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 23:52 . 2011-11-05 13:18 279656 ——w- c:\windows\system32\MpSigStub.exe
    2012-01-04 16:02 . 2012-01-04 16:02 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-19 12:45 . 2011-12-19 12:45 146736 —-a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-12-19 12:45 . 2011-12-19 12:45 117040 —-a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2011-12-16 21:31 . 2011-03-28 17:36 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-14 22:26 . 2011-12-14 22:26 91648 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 89088 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 85504 —-a-w- c:\windows\system32\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\system32\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 63488 —-a-w- c:\windows\SysWow64\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 603648 —-a-w- c:\windows\system32\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 49664 —-a-w- c:\windows\system32\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 448512 —-a-w- c:\windows\system32\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 420864 —-a-w- c:\windows\SysWow64\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 367104 —-a-w- c:\windows\SysWow64\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 35840 —-a-w- c:\windows\SysWow64\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 30720 —-a-w- c:\windows\system32\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 23552 —-a-w- c:\windows\SysWow64\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2309120 —-a-w- c:\windows\system32\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 222208 —-a-w- c:\windows\system32\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1798144 —-a-w- c:\windows\SysWow64\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 173056 —-a-w- c:\windows\system32\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 165888 —-a-w- c:\windows\system32\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 160256 —-a-w- c:\windows\system32\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 152064 —-a-w- c:\windows\SysWow64\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1493504 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1427456 —-a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 1390080 —-a-w- c:\windows\system32\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 135168 —-a-w- c:\windows\system32\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 12288 —-a-w- c:\windows\system32\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 11776 —-a-w- c:\windows\SysWow64\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 114176 —-a-w- c:\windows\system32\admparse.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1127424 —-a-w- c:\windows\SysWow64\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 111616 —-a-w- c:\windows\system32\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 101888 —-a-w- c:\windows\SysWow64\admparse.dll
    2011-12-07 21:49 . 2011-12-07 21:49 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-11-05 13:23 256960 —-a-w- c:\windows\system32\aswBoot.exe
    2011-11-24 04:52 . 2011-12-14 18:05 3145216 —-a-w- c:\windows\system32\win32k.sys
    2011-11-20 10:09 . 2011-12-10 18:32 74752 —-a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-11-19 14:58 . 2012-01-11 14:17 77312 —-a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 14:17 67072 —-a-w- c:\windows\SysWow64\packager.dll
    2011-11-17 06:49 . 2012-01-12 19:50 152432 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 06:49 . 2012-01-12 19:50 95600 —-a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 06:44 . 2012-01-12 19:50 459232 —-a-w- c:\windows\system32\drivers\cng.sys
    2011-11-17 06:41 . 2012-01-11 14:17 1731920 —-a-w- c:\windows\system32\ntdll.dll
    2011-11-17 06:35 . 2012-01-12 19:50 395776 —-a-w- c:\windows\system32\webio.dll
    2011-11-17 06:35 . 2012-01-12 19:50 136192 —-a-w- c:\windows\system32\sspicli.dll
    2011-11-17 06:35 . 2012-01-12 19:50 29184 —-a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 06:35 . 2012-01-12 19:50 340992 —-a-w- c:\windows\system32\schannel.dll
    2011-11-17 06:35 . 2012-01-12 19:50 28160 —-a-w- c:\windows\system32\secur32.dll
    2011-11-17 06:35 . 2012-01-12 19:50 1447936 —-a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 06:33 . 2012-01-12 19:50 31232 —-a-w- c:\windows\system32\lsass.exe
    2011-11-17 05:38 . 2012-01-11 14:17 1292080 —-a-w- c:\windows\SysWow64\ntdll.dll
    2011-11-17 05:35 . 2012-01-12 19:50 314880 —-a-w- c:\windows\SysWow64\webio.dll
    2011-11-17 05:34 . 2012-01-12 19:50 224768 —-a-w- c:\windows\SysWow64\schannel.dll
    2011-11-17 05:34 . 2012-01-12 19:50 22016 —-a-w- c:\windows\SysWow64\secur32.dll
    2011-11-17 05:28 . 2012-01-12 19:50 96768 —-a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - 53620504
    *Deregistered* - 53620504
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 —-a-w- c:\windows\System32\cmd.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-02-12 15:21:18
    ComboFix-quarantined-files.txt 2012-02-12 14:21
    .
    Pre-Run: 11.856.023.552 bytes free
    Post-Run: 11.786.752.000 bytes free
    .
    - - End Of File - - 066145A7AA612E3BB173F290FA2C75B8
  • A component of a previous Panda installation is still present in your Windows.

    Make sure all open web browser windows are closed.
    Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue) text into the empty Notepad window:


    ClearJavaCache::

    File::
    c:\windows\system32\drivers\pavboot64.sys

    Driver::
    pavboot64


    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus and any spyware scanners!


    Drag CFScript.txt into ComboFix.exe.


    [Image: http://crew.nucia.eu/smeenk/CFScript.gif]

    This will make ComboFix restart. Reboot if you are asked to.


    Post the ComboFix log that is shown after the restart via the color coder!
    If ComboFix has restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt

    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • I did that. I just don't understand what you mean by posting via the color coder. Here is the log:


    ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 16:22:52.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.2365 [GMT 1:00]
    Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\vlindermeisje\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\pavboot64.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\pavboot64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Legacy_pavboot
    ——-\Service_pavboot
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 13:30 . 2012-02-12 13:34 ——– d—–w- C:\TDSSStarter
    2012-02-12 09:12 . 2012-02-12 09:12 ——– d—–w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics
    2012-02-12 09:11 . 2012-02-12 09:11 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Diagnostics
    2012-02-11 05:36 . 2012-01-06 05:15 8602168 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll
    2012-02-06 20:05 . 2012-02-06 20:05 ——– d—–w- c:\windows\system32\appmgmt
    2012-02-06 19:51 . 2012-02-06 19:51 ——– d—–w- c:\program files (x86)\ESET
    2012-02-06 19:26 . 2012-02-06 19:26 388096 —-a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 19:26 . 2012-02-06 19:26 ——– d—–w- c:\program files (x86)\Trend Micro
    2012-02-05 17:48 . 2011-11-28 17:53 304472 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-05 17:48 . 2011-11-28 17:51 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-05 17:47 . 2011-11-28 17:52 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-05 17:47 . 2011-11-28 17:52 58712 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-05 17:47 . 2011-11-28 17:54 591192 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-05 17:47 . 2011-11-28 17:52 66904 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-05 17:44 . 2011-11-28 18:01 41184 —-a-w- c:\windows\avastSS.scr
    2012-02-05 17:44 . 2011-11-28 18:01 199816 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2012-02-05 16:20 . 2012-02-06 20:15 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2012-02-05 08:34 . 2012-02-05 08:34 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\programdata\Malwarebytes
    2012-02-05 08:33 . 2012-02-05 08:33 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-05 08:33 . 2011-12-10 14:24 23152 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 14:17 . 2012-02-03 14:17 ——– d—–w- c:\users\vlindermeisje\Logitech
    2012-02-03 14:16 . 2012-02-03 14:17 ——– d—–w- c:\program files (x86)\Common Files\Remote Control Software Common
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Logitech
    2012-02-03 14:16 . 2012-02-03 14:16 ——– d—–w- c:\program files (x86)\Common Files\Remote Control USB Driver
    2012-02-03 14:15 . 2006-02-07 14:44 65024 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-02-03 14:15 . 2012-02-03 14:15 200836 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-02-03 14:15 . 2006-02-07 14:45 757760 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-02-03 14:15 . 2006-02-07 14:40 204800 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-02-03 14:15 . 2006-02-07 14:40 69715 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-02-03 14:15 . 2006-02-07 14:40 274432 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-02-03 14:15 . 2006-02-07 14:39 32768 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-02-03 14:15 . 2005-11-13 22:19 5632 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-02-03 14:15 . 2012-02-03 14:15 331908 —-a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-01-28 10:20 . 2012-01-28 10:20 ——– d—–w- c:\users\vlindermeisje\VirtualBox VMs
    2012-01-28 10:19 . 2012-02-04 16:53 ——– d—–w- c:\users\vlindermeisje\.VirtualBox
    2012-01-28 10:18 . 2011-12-19 12:45 224048 —-a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-01-28 10:18 . 2012-02-05 16:05 ——– dc—-w- c:\windows\system32\DRVSTORE
    2012-01-28 10:18 . 2011-12-19 12:45 130864 —-a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-01-27 19:25 . 2012-01-27 20:23 ——– d—–w- C:\android_root
    2012-01-27 18:18 . 2012-01-27 18:23 ——– d—–w- c:\users\vlindermeisje\.android
    2012-01-27 18:17 . 2012-01-27 18:17 ——– d—–w- c:\program files (x86)\Android
    2012-01-27 18:16 . 2012-02-05 16:05 ——– d—–w- c:\program files\Oracle
    2012-01-27 18:15 . 2011-11-08 18:40 750488 —-a-w- c:\windows\system32\npdeployJava1.dll
    2012-01-27 18:15 . 2011-11-08 18:40 660368 —-a-w- c:\windows\system32\deployJava1.dll
    2012-01-27 18:13 . 2012-01-27 18:15 ——– d—–w- c:\program files\Java
    2012-01-27 18:13 . 2012-02-06 18:41 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Htc
    2012-01-27 18:13 . 2012-01-27 18:14 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\HTC
    2012-01-27 18:10 . 2012-01-27 18:10 ——– d—–w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations
    2012-01-27 18:09 . 2012-01-27 18:09 ——– d—–w- c:\program files (x86)\Spirent Communications
    2012-01-27 18:09 . 2012-01-27 18:12 ——– d—–w- c:\program files (x86)\HTC
    2012-01-21 19:04 . 2012-01-25 17:54 ——– d—–w- c:\users\vlindermeisje\.freemind
    2012-01-21 19:04 . 2012-01-21 19:04 ——– d—–w- c:\program files (x86)\FreeMind
    2012-01-19 12:46 . 2012-01-19 12:46 ——– d—–w- c:\program files (x86)\KeyTweak
    2012-01-15 12:07 . 2012-02-12 07:47 ——– d—–r- c:\users\vlindermeisje\Dropbox
    2012-01-15 12:05 . 2012-02-12 07:47 ——– d—–w- c:\users\vlindermeisje\AppData\Roaming\Dropbox
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 23:52 . 2011-11-05 13:18 279656 ——w- c:\windows\system32\MpSigStub.exe
    2012-01-04 16:02 . 2012-01-04 16:02 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-19 12:45 . 2011-12-19 12:45 146736 —-a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-12-19 12:45 . 2011-12-19 12:45 117040 —-a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2011-12-16 21:31 . 2011-03-28 17:36 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-14 22:26 . 2011-12-14 22:26 91648 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 89088 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 85504 —-a-w- c:\windows\system32\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-12-14 22:26 . 2011-12-14 22:26 76800 —-a-w- c:\windows\system32\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-12-14 22:26 . 2011-12-14 22:26 74752 —-a-w- c:\windows\SysWow64\iesetup.dll
    2011-12-14 22:26 . 2011-12-14 22:26 63488 —-a-w- c:\windows\SysWow64\tdc.ocx
    2011-12-14 22:26 . 2011-12-14 22:26 603648 —-a-w- c:\windows\system32\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 49664 —-a-w- c:\windows\system32\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2011-12-14 22:26 . 2011-12-14 22:26 448512 —-a-w- c:\windows\system32\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 420864 —-a-w- c:\windows\SysWow64\vbscript.dll
    2011-12-14 22:26 . 2011-12-14 22:26 367104 —-a-w- c:\windows\SysWow64\html.iec
    2011-12-14 22:26 . 2011-12-14 22:26 35840 —-a-w- c:\windows\SysWow64\imgutil.dll
    2011-12-14 22:26 . 2011-12-14 22:26 30720 —-a-w- c:\windows\system32\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-12-14 22:26 . 2011-12-14 22:26 23552 —-a-w- c:\windows\SysWow64\licmgr10.dll
    2011-12-14 22:26 . 2011-12-14 22:26 2309120 —-a-w- c:\windows\system32\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 222208 —-a-w- c:\windows\system32\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1798144 —-a-w- c:\windows\SysWow64\jscript9.dll
    2011-12-14 22:26 . 2011-12-14 22:26 173056 —-a-w- c:\windows\system32\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 165888 —-a-w- c:\windows\system32\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2011-12-14 22:26 . 2011-12-14 22:26 160256 —-a-w- c:\windows\system32\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 152064 —-a-w- c:\windows\SysWow64\wextract.exe
    2011-12-14 22:26 . 2011-12-14 22:26 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1493504 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-12-14 22:26 . 2011-12-14 22:26 1427456 —-a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-12-14 22:26 . 2011-12-14 22:26 1390080 —-a-w- c:\windows\system32\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 135168 —-a-w- c:\windows\system32\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 12288 —-a-w- c:\windows\system32\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 11776 —-a-w- c:\windows\SysWow64\mshta.exe
    2011-12-14 22:26 . 2011-12-14 22:26 114176 —-a-w- c:\windows\system32\admparse.dll
    2011-12-14 22:26 . 2011-12-14 22:26 1127424 —-a-w- c:\windows\SysWow64\wininet.dll
    2011-12-14 22:26 . 2011-12-14 22:26 111616 —-a-w- c:\windows\system32\iesysprep.dll
    2011-12-14 22:26 . 2011-12-14 22:26 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-12-14 22:26 . 2011-12-14 22:26 101888 —-a-w- c:\windows\SysWow64\admparse.dll
    2011-12-07 21:49 . 2011-12-07 21:49 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-11-05 13:23 256960 —-a-w- c:\windows\system32\aswBoot.exe
    2011-11-24 04:52 . 2011-12-14 18:05 3145216 —-a-w- c:\windows\system32\win32k.sys
    2011-11-20 10:09 . 2011-12-10 18:32 74752 —-a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-11-19 14:58 . 2012-01-11 14:17 77312 —-a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 14:17 67072 —-a-w- c:\windows\SysWow64\packager.dll
    2011-11-17 06:49 . 2012-01-12 19:50 152432 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 06:49 . 2012-01-12 19:50 95600 —-a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 06:44 . 2012-01-12 19:50 459232 —-a-w- c:\windows\system32\drivers\cng.sys
    2011-11-17 06:41 . 2012-01-11 14:17 1731920 —-a-w- c:\windows\system32\ntdll.dll
    2011-11-17 06:35 . 2012-01-12 19:50 395776 —-a-w- c:\windows\system32\webio.dll
    2011-11-17 06:35 . 2012-01-12 19:50 136192 —-a-w- c:\windows\system32\sspicli.dll
    2011-11-17 06:35 . 2012-01-12 19:50 29184 —-a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 06:35 . 2012-01-12 19:50 340992 —-a-w- c:\windows\system32\schannel.dll
    2011-11-17 06:35 . 2012-01-12 19:50 28160 —-a-w- c:\windows\system32\secur32.dll
    2011-11-17 06:35 . 2012-01-12 19:50 1447936 —-a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 06:33 . 2012-01-12 19:50 31232 —-a-w- c:\windows\system32\lsass.exe
    2011-11-17 05:38 . 2012-01-11 14:17 1292080 —-a-w- c:\windows\SysWow64\ntdll.dll
    2011-11-17 05:35 . 2012-01-12 19:50 314880 —-a-w- c:\windows\SysWow64\webio.dll
    2011-11-17 05:34 . 2012-01-12 19:50 224768 —-a-w- c:\windows\SysWow64\schannel.dll
    2011-11-17 05:34 . 2012-01-12 19:50 22016 —-a-w- c:\windows\SysWow64\secur32.dll
    2011-11-17 05:28 . 2012-01-12 19:50 96768 —-a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_14.17.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-02-12 15:34 33706 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-05 13:30 . 2012-02-12 15:34 8662 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1447412775-543404776-4026076476-1000_UserData.bin
    - 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-02-11 21:07 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-02-12 15:31 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-11-05 14:59 . 2012-02-12 15:31 33839820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1447412775-543404776-4026076476-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 —-a-w- c:\windows\System32\cmd.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24]
    .
    2012-02-01 c:\windows\Tasks\SyncBack Monthly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack Nightly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    2012-02-05 c:\windows\Tasks\SyncBack Weekly.job
    - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 —-a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896]
    "combofix"="c:\combofix\CF29422.3XE" [2010-11-20 345088]
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-02-12 16:48:35 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-02-12 15:48
    ComboFix2.txt 2012-02-12 14:21
    .
    Pre-Run: 11.831.844.864 bytes free
    Post-Run: 11.630.362.624 bytes free
    .
    - - End Of File - - 0EBA08F9DC28C32FA252D84CF9B531A3
  • How did your Windows respond to the last ComboFix scan?
  • No real change. The virus scanner is currently recognised by Windows (but it was now and then before as well, so I don't know yet whether that is solved). However, the laptop remains extremely slow (about 75% of the time). Right now it is also very slow and sits at 94 to 99% physical memory use.
  • Then we move on to the next step:

    Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
    - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
    - Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
      http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
    - When the update is done and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
    - Select the option "Diep" (Deep) if it is not already set that way by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a while, so wait patiently.
    - You can close the window with the warning about an increased risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".


    - Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message, but click "Ja" (Yes) here.
      http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
    - When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    - Paste the contents of this log file in your next post.
    - Now restart the computer.
  • Here is the log:


    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 12-2-2012 20:44:50

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 12-2-2012 20:45:23

    C:\Users\vlindermeisje\Documents\Backups\Desktop\B&w\Black And White - Keygen.exe Ontdekt: Riskware.Keygen.BlackAnd.White!IK

    Gescand

    Bestanden: 1150982
    Sporen: 404391
    Cookies: 147
    Processen: 59

    Gevonden

    Bestanden: 1
    Sporen: 0
    Cookies: 0
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 13-2-2012 0:23:10
    Scantijd: 3:37:47
  • I just got the message again that the virus scanner and Windows Defender are disabled. So that is still present as well.
  • That you have used a keygen at all already says a lot about the problems!

    The ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click "Advanced Settings"
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - When the scan is finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan is then faster!
  • I think it's not that bad. That keygen is from at least 2 years ago (I didn't even know it was still on there, it must have come along with a backup) and I have not used it on this installation (2 months old). So I can't imagine that it would suddenly cause problems out of the blue after more than 2 years. But of course I could be mistaken. ;-)

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=13a10c0234825842bf34666a9b471ed6
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-02-14 12:06:30
    # local_time=2012-02-14 01:06:30 (+0100, W. Europe Standard Time)
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 613509 613509 0 0
    # compatibility_mode=5893 16776573 100 94 7529 80796165 0 0
    # compatibility_mode=8192 67108863 100 0 612039 612039 0 0
    # scanned=273242
    # found=0
    # cleaned=0
    # scan_time=11675
  • Hi vlindermeisje, regarding your remark about that keygen: I am glad that you did not use it.
    So also remove the files containing that keygen completely.

    And furthermore do not use keygens, cracks, etc., so that you are not exposed to infections in Windows that way!

    A remark: Windows Defender is not necessary when using Avast!
    Deactivating Windows Defender
    To do so, go to "Start\Uitvoeren" (Start\Run) and enter the command: services.msc.
    Click the OK button.
    N.B.: Run can also be started by pressing the Windows key + R key at the same time.

    In the Services window, scroll to Windows Defender.
    Double-click that entry; at "Opstarttype" (Startup type), set the setting to "Gedeaktiveerd" (Disabled).

    Now first click the Toepassen (Apply) button; then click the Stoppen (Stop) button, wait a moment and finally click OK.
    After that you may close the Services window again.


    As for Avast: Avast may be damaged.

    So reinstall Avast as well; it may be that you first have to uninstall Avast to do so.

    Download link for Avast 6 Free
  • I have indeed removed it in the meantime, also from all my backups. I indeed stopped using keygens quite a while ago.

    I have deactivated Windows Defender. I had already reinstalled Avast before posting this topic, but I will try this again to be sure.
  • Just post a new HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:04:05, on 16-2-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12113 bytes
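
Added example (not part of the original thread): a small Python triage of O23 service entries in a HijackThis log of the format posted above. It assumes the log was produced by 32-bit HijackThis on 64-bit Windows, where file-system redirection makes files under C:\Windows\System32 appear as "(file missing)"; the sample lines are constructed, and the "Example Service" entry and the verdict labels are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above; "Example Service" is hypothetical.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Users\example\AppData\Roaming\example.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+)$")            # e.g. "O23 - Service: ..."
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

def parse_service(body):
    """Split an O23 body into (name, owner, path, missing), or None if malformed."""
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    # Name, owner and path are the last three " - " separated fields.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return (*parts, missing) if len(parts) == 3 else None

def triage(log_text):
    """Return (entries per section, [(verdict, service name, path), ...])."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        counts[section] += 1
        if section != "O23" or not body.startswith("Service: "):
            continue
        parsed = parse_service(body)
        if parsed is None:
            continue
        name, owner, path, missing = parsed
        if missing and SYSTEM32.match(path):
            verdict = "redirection-artifact"   # confirm with a 64-bit tool
        elif missing:
            verdict = "missing-file"           # service points at a file that is gone
        elif owner == "Unknown owner":
            verdict = "unknown-owner"          # file exists, no company name read
        else:
            continue
        findings.append((verdict, name, path))
    return counts, findings
```

Calling `triage()` on the full text of a log returns the per-section counts and only the service entries that need a second look.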
  • Looks good, only I'm missing Avast WebRep.

    Are you still experiencing problems?
    If so, which ones exactly?
  • Still the same problems (slow, almost 100 percent memory use) and a new problem. Since yesterday, when I type CTRL-ALT-DEL, I get the message: "the logon process was unable to display security and logon options when CTRL + ALT + DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch."

    I'm starting to wonder whether my laptop isn't simply defective. I haven't been able to google the message yet because I'm running a chkdsk and am typing this on a small phone.


This is an archived page. Replying is no longer possible.