Vraag & Antwoord

Beveiliging & privacy

PC langzaam + virusscanner uit?

28 antwoorden
  • Sinds ongeveer een week heb ik problemen met mijn laptop met Windows 7. Hij is, niet continu maar wel zeer regelmatig, ontzettend langzaam. Op deze momenten wordt er 100% CPU gebruikt óf tegen de 100% physical memory. Tegerlijktijd krijg ik af en toe de melding van Windows dat Avast doorgeeft dat Avast uitgeschakeld staat terwijl deze op dat moment niet uitgeschakeld staat en af en toe ook dat Windows Defender uitgeschakeld is. Ik heb verscheidene zaken geprobeerd maar het lukt mij niet om de oorzaak te vinden: 1) full scan gedraaid met Avast; geen malware 2) full scan gedraaid met MBAM; geen malware, zie scanresultaten hieronder 3) Avast opnieuw geinstalleerd (vanwege melding) 4) Online scan gedraaid (ESET); geen malware Ik meen geen vreemde zaken te hebben gedaan maar ben bang, vooral vanwege de melding met mijn virusscanner dat ik wellicht toch last heb van malware. Ik heb niet kunnen ontdekken wat de verschillen zijn tussen de momenten waarop de laptop traag is en niet. In- en uitschakelen van de netwerkverbinding lijkt weinig tot geen verschil te maken. Kan iemand naar mijn HiJackthis-log kijken of een andere tip geven waarmee ik verder kan onderzoeken wat er aan de hand is? [b:85ffc31e2a]MBAM[/b:85ffc31e2a] Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.07.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 naam:: naam-LAPTOP [administrator] 7-2-2012 6:51:01 mbam-log-2012-02-07 (06-51-01).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 462637 Time elapsed: 1 hour(s), 34 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) [b:85ffc31e2a]HIJackthis[/b:85ffc31e2a] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:05:20, on 12-2-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12272 bytes
  • Hallo vlindermeisje, dan moeten we maar dieper gaan kijken in jouw Windows. [b:17a22886c5]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:17a22886c5] [color=#0000FF:17a22886c5][list:17a22886c5][*:17a22886c5]Lees telkens elke instruktie eerst goed door. [*:17a22886c5]De gegeven instrukties gelden alleen jouw Windows. [*:17a22886c5]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat mogelijk serieuze problemen in Windows veroorzaken. [*:17a22886c5]Installeer geen nieuwe programma's, updates of nieuwe hardware terwijl we met de fix bezig zijn. [*:17a22886c5]Gebruik ook geen andere programma's of tools dan diegenen waartoe ik opdracht geef, [*:17a22886c5] Emoticons (smileys) a.u.b. uitzetten, wanneer je een log post. [*:17a22886c5]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:17a22886c5]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:17a22886c5]Ook indien je iets niet begrijpt, meldt dat dan. [*:17a22886c5]De fix, eenmaal gestart, dient afgewerkt te worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:17a22886c5][/color:17a22886c5] [color=#FF0000:17a22886c5][b:17a22886c5]Stap •1•[/b:17a22886c5][/color:17a22886c5] [b:17a22886c5]Welk programma[/b:17a22886c5]: [b:17a22886c5]TDSSStarter.exe[/b:17a22886c5] [b:17a22886c5]Waarvoor/waarom[/b:17a22886c5]: Rootkitscanner [b:17a22886c5]Moeilijkheidsgraad[/b:17a22886c5]: geen Download [b:17a22886c5][url=http://home.kpn.nl/stefsmeenk/tools/TDSSKStarter.exe]TDSSStarter[/url][/b:17a22886c5] naar het bureaublad. Tijdelijk downloadlink: [b:17a22886c5][url=http://www.malwareinfo.nl/tools/TDSSKStarter.exe]TDSSStarter[/url][/b:17a22886c5] [b:17a22886c5]"TDSSSStarter.exe" gebruiken[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5] [b:17a22886c5][color=#0000FF:17a22886c5]Sluit nu eerst alle nog openstaande programmavensters![/color:17a22886c5][/b:17a22886c5] [list:17a22886c5][*:17a22886c5][b:17a22886c5][color=#0000FF:17a22886c5]Windows 2000[/color:17a22886c5][/b:17a22886c5] en [color=#0000FF:17a22886c5][b:17a22886c5]Windows XP[/b:17a22886c5][/color:17a22886c5]: start het tool middels dubbelklik op "[i:17a22886c5] TDSSStarter .exe[/i:17a22886c5]". [*:17a22886c5][color=#0000FF:17a22886c5][b:17a22886c5]Windows Vista[/b:17a22886c5][/color:17a22886c5] en [color=#0000FF:17a22886c5][b:17a22886c5]Windows 7[/b:17a22886c5][/color:17a22886c5]: start het tool middels rechtsklik op "[i:17a22886c5]TDSSStarter.exe[/i:17a22886c5]" en dan kiezen voor [i:17a22886c5][b:17a22886c5]Als Administrator uitvoeren[/b:17a22886c5][/i:17a22886c5].[/list:u:17a22886c5] [*:17a22886c5]Vervolgens zal een CMD-venster gestart worden en wanneer de scan gereed is weer automatisch sluiten. [*:17a22886c5]Post nu de inhoud van het geopende kladblokbestand in het volgende bericht.[/list:u:17a22886c5] [color=#FF0000:17a22886c5][b:17a22886c5]Stap •2•[/b:17a22886c5][/color:17a22886c5] [b:17a22886c5]Welk programma[/b:17a22886c5]: ComboFix [b:17a22886c5]Waarvoor/waarom[/b:17a22886c5]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:17a22886c5]Moeilijkheidsgraad[/b:17a22886c5]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:17a22886c5]Downloadlokatie[/b:17a22886c5]: Dit programma absoluut naar het bureaublad downloaden! [b:17a22886c5]Download ComboFix via één van deze locaties[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:17a22886c5]Bleepingcomputer[/b:17a22886c5][/url] [*:17a22886c5][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:17a22886c5]ForoSpyware[/b:17a22886c5][/url] [*:17a22886c5][url=http://subs.geekstogo.com/ComboFix.exe][b:17a22886c5]Geekstogo[/b:17a22886c5][/url][/list:u:17a22886c5] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:17a22886c5]Hier[/b:17a22886c5][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:17a22886c5]Hier[/b:17a22886c5][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:17a22886c5]hier[/b:17a22886c5][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:17a22886c5]Voor alle duidelijkheid nogmaals[/b:17a22886c5]: ComboFix dient vanaf het bureaublad gestart te worden. [b:17a22886c5]Opmerkingen[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).[/list:u:17a22886c5] [b:17a22886c5]ComboFix opstarten[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5] [b:17a22886c5][color=#0000FF:17a22886c5]Sluit nu eerst alle nog openstaande programmavensters![/color:17a22886c5][/b:17a22886c5] [list:17a22886c5][*:17a22886c5][b:17a22886c5][color=#0000FF:17a22886c5]Windows 2000[/color:17a22886c5][/b:17a22886c5] en [color=#0000FF:17a22886c5][b:17a22886c5]Windows XP[/b:17a22886c5][/color:17a22886c5]: start ComboFix.exe middels dubbelklik op ComboFix.exe. [*:17a22886c5][color=#0000FF:17a22886c5][b:17a22886c5]Windows Vista[/b:17a22886c5][/color:17a22886c5] en [color=#0000FF:17a22886c5][b:17a22886c5]Windows 7[/b:17a22886c5][/color:17a22886c5]: start ComboFix.exe via rechtsklik op ComboFix.exe en kies dan voor [i:17a22886c5][b:17a22886c5]Als Administrator uitvoeren[/b:17a22886c5][/i:17a22886c5].[/list:u:17a22886c5][/list:u:17a22886c5] [b:17a22886c5]ComboFix is opgestart[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:17a22886c5]Combofix sluit tijdens de scan de internet verbinding; probeer deze tussentijds niet te herstellen! [*:17a22886c5]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:17a22886c5]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:17a22886c5]Post de inhoud van dit logbestand in je volgende bericht. [*:17a22886c5]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:17a22886c5] [b:17a22886c5]Belangrijke opmerking[/b:17a22886c5]: [list:17a22886c5][*:17a22886c5][b:17a22886c5][color=Red:17a22886c5]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:17a22886c5][/b:17a22886c5] [*:17a22886c5][b:17a22886c5][color=blue:17a22886c5]Illegal operation attempted on a registery key that has been marked for deletion.[/color:17a22886c5][/b:17a22886c5] [*:17a22886c5][b:17a22886c5][color=Red:17a22886c5]Start dan de computer opnieuw op.[/color:17a22886c5][/b:17a22886c5][/list:u:17a22886c5] [color=#FF0000:17a22886c5][b:17a22886c5]Stap •3•[/b:17a22886c5][/color:17a22886c5] [b:17a22886c5]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:17a22886c5] [list:17a22886c5][*:17a22886c5] TDSSKStarter-log [*:17a22886c5] ComboFix.txt-log [/list:u:17a22886c5]
  • Hoi Abraham54, bedankt voor je reactie en je hulp. Ik heb de stappen uitgevoerd: [b:621797c59f]stap 1[/b:621797c59f] 14:31:14.0637 2560 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 14:31:14.0637 2560 ============================================================ 14:31:14.0637 2560 Current date / time: 2012/02/12 14:31:14.0637 14:31:14.0637 2560 SystemInfo: 14:31:14.0637 2560 14:31:14.0637 2560 OS Version: 6.1.7601 ServicePack: 1.0 14:31:14.0637 2560 Product type: Workstation 14:31:14.0637 2560 ComputerName: vlindermeisje-LAPTOP 14:31:14.0652 2560 UserName: vlindermeisje 14:31:14.0652 2560 Windows directory: C:\Windows 14:31:14.0652 2560 System windows directory: C:\Windows 14:31:14.0652 2560 Running under WOW64 14:31:14.0652 2560 Processor architecture: Intel x64 14:31:14.0652 2560 Number of processors: 4 14:31:14.0652 2560 Page size: 0x1000 14:31:14.0652 2560 Boot type: Normal boot 14:31:14.0652 2560 ============================================================ 14:31:17.0133 2560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:31:17.0164 2560 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:31:17.0179 2560 \Device\Harddisk0\DR0: 14:31:17.0179 2560 MBR used 14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:31:17.0179 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 14:31:17.0179 2560 \Device\Harddisk1\DR1: 14:31:17.0179 2560 MBR used 14:31:17.0179 2560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 14:31:17.0601 2560 Initialize success 14:31:17.0601 2560 ============================================================ 14:31:17.0647 4960 ============================================================ 14:31:17.0647 4960 Scan started 14:31:17.0647 4960 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent; 14:31:17.0647 4960 ============================================================ 14:31:22.0639 4960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 14:31:24.0106 4960 1394ohci - ok 14:31:24.0574 4960 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys 14:31:25.0557 4960 Accelerometer - ok 14:31:26.0134 4960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 14:31:26.0290 4960 ACPI - ok 14:31:26.0680 4960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 14:31:26.0851 4960 AcpiPmi - ok 14:31:27.0413 4960 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys 14:31:27.0444 4960 adfs - ok 14:31:28.0271 4960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 14:31:28.0411 4960 adp94xx - ok 14:31:29.0020 4960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 14:31:29.0051 4960 adpahci - ok 14:31:29.0457 4960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 14:31:29.0503 4960 adpu320 - ok 14:31:30.0143 4960 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 14:31:30.0424 4960 AFD - ok 14:31:30.0814 4960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 14:31:30.0845 4960 agp440 - ok 14:31:31.0531 4960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 14:31:31.0563 4960 aliide - ok 14:31:31.0875 4960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 14:31:31.0906 4960 amdide - ok 14:31:32.0218 4960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 14:31:32.0374 4960 AmdK8 - ok 14:31:32.0889 4960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 14:31:33.0201 4960 AmdPPM - ok 14:31:33.0622 4960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 14:31:33.0653 4960 amdsata - ok 14:31:34.0199 4960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 14:31:34.0324 4960 amdsbs - ok 14:31:35.0057 4960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 14:31:35.0088 4960 amdxata - ok 14:31:35.0587 4960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 14:31:35.0728 4960 AppID - ok 14:31:36.0523 4960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 14:31:36.0539 4960 arc - ok 14:31:37.0085 4960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 14:31:37.0101 4960 arcsas - ok 14:31:37.0912 4960 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys 14:31:37.0927 4960 aswFsBlk - ok 14:31:38.0629 4960 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys 14:31:38.0645 4960 aswMonFlt - ok 14:31:39.0347 4960 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys 14:31:39.0363 4960 aswRdr - ok 14:31:39.0955 4960 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys 14:31:40.0065 4960 aswSnx - ok 14:31:40.0470 4960 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys 14:31:40.0595 4960 aswSP - ok 14:31:41.0125 4960 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys 14:31:41.0141 4960 aswTdi - ok 14:31:41.0687 4960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:31:41.0968 4960 AsyncMac - ok 14:31:42.0483 4960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 14:31:42.0514 4960 atapi - ok 14:31:43.0403 4960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 14:31:43.0637 4960 b06bdrv - ok 14:31:43.0996 4960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:31:44.0214 4960 b57nd60a - ok 14:31:45.0275 4960 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys 14:31:45.0462 4960 BCM43XX - ok 14:31:45.0993 4960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:31:46.0164 4960 Beep - ok 14:31:46.0476 4960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 14:31:46.0554 4960 blbdrive - ok 14:31:47.0053 4960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 14:31:47.0147 4960 bowser - ok 14:31:47.0553 4960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:31:47.0662 4960 BrFiltLo - ok 14:31:47.0974 4960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:31:48.0067 4960 BrFiltUp - ok 14:31:48.0723 4960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:31:48.0832 4960 Brserid - ok 14:31:49.0378 4960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:31:49.0503 4960 BrSerWdm - ok 14:31:49.0971 4960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:31:50.0049 4960 BrUsbMdm - ok 14:31:50.0220 4960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:31:50.0314 4960 BrUsbSer - ok 14:31:50.0548 4960 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 14:31:50.0626 4960 BthEnum - ok 14:31:50.0719 4960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 14:31:50.0797 4960 BTHMODEM - ok 14:31:50.0985 4960 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 14:31:51.0125 4960 BthPan - ok 14:31:51.0733 4960 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 14:31:51.0889 4960 BTHPORT - ok 14:31:52.0295 4960 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 14:31:52.0482 4960 BTHUSB - ok 14:31:52.0810 4960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:31:52.0997 4960 cdfs - ok 14:31:53.0496 4960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 14:31:53.0621 4960 cdrom - ok 14:31:54.0058 4960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 14:31:54.0245 4960 circlass - ok 14:31:54.0682 4960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:31:54.0744 4960 CLFS - ok 14:31:55.0321 4960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 14:31:55.0555 4960 CmBatt - ok 14:31:56.0039 4960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 14:31:56.0086 4960 cmdide - ok 14:31:56.0460 4960 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 14:31:56.0585 4960 CNG - ok 14:31:57.0100 4960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 14:31:57.0131 4960 Compbatt - ok 14:31:57.0615 4960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 14:31:57.0771 4960 CompositeBus - ok 14:31:58.0348 4960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 14:31:58.0363 4960 crcdisk - ok 14:31:59.0081 4960 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 14:31:59.0237 4960 CSC - ok 14:31:59.0783 4960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 14:31:59.0939 4960 DfsC - ok 14:32:00.0423 4960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:32:00.0610 4960 discache - ok 14:32:01.0218 4960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:32:01.0249 4960 Disk - ok 14:32:01.0749 4960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:32:01.0889 4960 drmkaud - ok 14:32:02.0419 4960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 14:32:02.0544 4960 DXGKrnl - ok 14:32:03.0667 4960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 14:32:04.0042 4960 ebdrv - ok 14:32:04.0728 4960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:32:04.0775 4960 elxstor - ok 14:32:05.0446 4960 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys 14:32:05.0477 4960 enecir - ok 14:32:05.0945 4960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 14:32:06.0195 4960 ErrDev - ok 14:32:07.0162 4960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:32:07.0411 4960 exfat - ok 14:32:08.0176 4960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:32:08.0379 4960 fastfat - ok 14:32:09.0143 4960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:32:09.0252 4960 fdc - ok 14:32:09.0907 4960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:32:09.0939 4960 FileInfo - ok 14:32:10.0500 4960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:32:10.0703 4960 Filetrace - ok 14:32:11.0374 4960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 14:32:11.0499 4960 flpydisk - ok 14:32:12.0232 4960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 14:32:12.0372 4960 FltMgr - ok 14:32:12.0934 4960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:32:12.0965 4960 FsDepends - ok 14:32:13.0230 4960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 14:32:13.0246 4960 Fs_Rec - ok 14:32:13.0651 4960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:32:13.0683 4960 fvevol - ok 14:32:14.0057 4960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:32:14.0073 4960 gagp30kx - ok 14:32:14.0665 4960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:32:14.0743 4960 hcw85cir - ok 14:32:15.0009 4960 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 14:32:15.0149 4960 HdAudAddService - ok 14:32:15.0524 4960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 14:32:15.0617 4960 HDAudBus - ok 14:32:16.0007 4960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:32:16.0116 4960 HidBatt - ok 14:32:16.0350 4960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 14:32:16.0491 4960 HidBth - ok 14:32:16.0912 4960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:32:17.0006 4960 HidIr - ok 14:32:17.0286 4960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 14:32:17.0396 4960 HidUsb - ok 14:32:17.0988 4960 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys 14:32:18.0020 4960 hpdskflt - ok 14:32:18.0628 4960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 14:32:18.0659 4960 HpSAMD - ok 14:32:19.0080 4960 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys 14:32:19.0205 4960 HTCAND64 - ok 14:32:19.0533 4960 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys 14:32:19.0564 4960 htcnprot - ok 14:32:19.0907 4960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 14:32:20.0110 4960 HTTP - ok 14:32:20.0484 4960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 14:32:20.0516 4960 hwpolicy - ok 14:32:20.0952 4960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 14:32:21.0077 4960 i8042prt - ok 14:32:21.0389 4960 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys 14:32:21.0420 4960 iaStor - ok 14:32:21.0842 4960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 14:32:21.0904 4960 iaStorV - ok 14:32:22.0372 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:32:22.0388 4960 iirsp - ok 14:32:22.0622 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 14:32:22.0637 4960 intelide - ok 14:32:22.0949 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:32:23.0090 4960 intelppm - ok 14:32:23.0464 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:32:23.0542 4960 IpFilterDriver - ok 14:32:23.0854 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 14:32:23.0994 4960 IPMIDRV - ok 14:32:24.0322 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:32:24.0587 4960 IPNAT - ok 14:32:25.0008 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:32:25.0149 4960 IRENUM - ok 14:32:25.0773 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 14:32:25.0788 4960 isapnp - ok 14:32:26.0225 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 14:32:26.0288 4960 iScsiPrt - ok 14:32:26.0631 4960 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys 14:32:26.0662 4960 JMCR - ok 14:32:27.0255 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:32:27.0286 4960 kbdclass - ok 14:32:27.0770 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 14:32:27.0832 4960 kbdhid - ok 14:32:28.0253 4960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 14:32:28.0284 4960 KSecDD - ok 14:32:28.0643 4960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 14:32:28.0706 4960 KSecPkg - ok 14:32:29.0283 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:32:29.0439 4960 ksthunk - ok 14:32:29.0766 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:32:29.0907 4960 lltdio - ok 14:32:30.0546 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:32:30.0578 4960 LSI_FC - ok 14:32:31.0092 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:32:31.0124 4960 LSI_SAS - ok 14:32:31.0451 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:32:31.0467 4960 LSI_SAS2 - ok 14:32:31.0950 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:32:31.0966 4960 LSI_SCSI - ok 14:32:32.0387 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:32:32.0543 4960 luafv - ok 14:32:33.0120 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:32:33.0152 4960 megasas - ok 14:32:33.0651 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:32:33.0666 4960 MegaSR - ok 14:32:34.0197 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:32:34.0353 4960 Modem - ok 14:32:34.0727 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:32:34.0868 4960 monitor - ok 14:32:35.0304 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:32:35.0320 4960 mouclass - ok 14:32:36.0100 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:32:36.0240 4960 mouhid - ok 14:32:36.0771 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 14:32:36.0786 4960 mountmgr - ok 14:32:37.0114 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 14:32:37.0145 4960 mpio - ok 14:32:37.0691 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:32:37.0785 4960 mpsdrv - ok 14:32:38.0300 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 14:32:38.0409 4960 MRxDAV - ok 14:32:38.0892 4960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:32:38.0986 4960 mrxsmb - ok 14:32:39.0423 4960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:32:39.0797 4960 mrxsmb10 - ok 14:32:40.0593 4960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:32:40.0733 4960 mrxsmb20 - ok 14:32:41.0279 4960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 14:32:41.0295 4960 msahci - ok 14:32:41.0778 4960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 14:32:41.0810 4960 msdsm - ok 14:32:42.0324 4960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:32:42.0465 4960 Msfs - ok 14:32:43.0151 4960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:32:43.0448 4960 mshidkmdf - ok 14:32:43.0713 4960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 14:32:43.0728 4960 msisadrv - ok 14:32:44.0118 4960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:32:44.0196 4960 MSKSSRV - ok 14:32:44.0742 4960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:32:44.0805 4960 MSPCLOCK - ok 14:32:45.0320 4960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:32:45.0507 4960 MSPQM - ok 14:32:46.0037 4960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 14:32:46.0053 4960 MsRPC - ok 14:32:46.0396 4960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 14:32:46.0412 4960 mssmbios - ok 14:32:46.0677 4960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:32:46.0724 4960 MSTEE - ok 14:32:47.0067 4960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:32:47.0223 4960 MTConfig - ok 14:32:47.0738 4960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:32:47.0753 4960 Mup - ok 14:32:48.0393 4960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:32:48.0502 4960 NativeWifiP - ok 14:32:49.0095 4960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 14:32:49.0266 4960 NDIS - ok 14:32:49.0532 4960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:32:49.0703 4960 NdisCap - ok 14:32:49.0953 4960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:32:50.0078 4960 NdisTapi - ok 14:32:50.0343 4960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 14:32:50.0530 4960 Ndisuio - ok 14:32:50.0780 4960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 14:32:50.0842 4960 NdisWan - ok 14:32:51.0248 4960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 14:32:51.0482 4960 NDProxy - ok 14:32:51.0653 4960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:32:51.0794 4960 NetBIOS - ok 14:32:52.0215 4960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 14:32:52.0371 4960 NetBT - ok 14:32:52.0932 4960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:32:52.0964 4960 nfrd960 - ok 14:32:53.0213 4960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:32:53.0338 4960 Npfs - ok 14:32:53.0619 4960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:32:53.0759 4960 nsiproxy - ok 14:32:54.0102 4960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 14:32:54.0321 4960 Ntfs - ok 14:32:54.0695 4960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:32:54.0789 4960 Null - ok 14:32:55.0085 4960 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys 14:32:55.0101 4960 NVHDA - ok 14:32:59.0157 4960 nvlddmkm (9fc53830053787fad2078f39d3ab68dc) C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:32:59.0750 4960 nvlddmkm - ok 14:33:00.0093 4960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 14:33:00.0140 4960 nvraid - ok 14:33:00.0701 4960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 14:33:00.0717 4960 nvstor - ok 14:33:01.0310 4960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 14:33:01.0356 4960 nv_agp - ok 14:33:01.0590 4960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:33:03.0790 4960 ohci1394 - ok 14:33:04.0227 4960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:33:04.0258 4960 Parport - ok 14:33:04.0648 4960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 14:33:04.0679 4960 partmgr - ok 14:33:05.0288 4960 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys 14:33:05.0303 4960 pavboot - ok 14:33:05.0896 4960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:33:05.0927 4960 pci - ok 14:33:06.0458 4960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:33:06.0473 4960 pciide - ok 14:33:06.0848 4960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:33:06.0863 4960 pcmcia - ok 14:33:07.0409 4960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:33:07.0440 4960 pcw - ok 14:33:08.0002 4960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:33:08.0158 4960 PEAUTH - ok 14:33:08.0486 4960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:33:08.0626 4960 PptpMiniport - ok 14:33:08.0938 4960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:33:09.0016 4960 Processor - ok 14:33:09.0328 4960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:33:09.0468 4960 Psched - ok 14:33:09.0983 4960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:33:10.0264 4960 ql2300 - ok 14:33:10.0779 4960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:33:10.0810 4960 ql40xx - ok 14:33:10.0841 4960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:33:10.0982 4960 QWAVEdrv - ok 14:33:11.0356 4960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:33:11.0434 4960 RasAcd - ok 14:33:12.0120 4960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:33:12.0198 4960 RasAgileVpn - ok 14:33:12.0573 4960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:33:12.0744 4960 Rasl2tp - ok 14:33:13.0041 4960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:33:13.0166 4960 RasPppoe - ok 14:33:14.0070 4960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:33:14.0148 4960 RasSstp - ok 14:33:14.0570 4960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:33:14.0757 4960 rdbss - ok 14:33:15.0084 4960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:33:15.0240 4960 rdpbus - ok 14:33:15.0490 4960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:33:15.0630 4960 RDPCDD - ok 14:33:15.0818 4960 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 14:33:15.0974 4960 RDPDR - ok 14:33:16.0566 4960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:33:16.0613 4960 RDPENCDD - ok 14:33:16.0988 4960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:33:17.0050 4960 RDPREFMP - ok 14:33:17.0378 4960 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 14:33:25.0068 4960 RdpVideoMiniport - ok 14:33:25.0318 4960 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 14:33:25.0396 4960 RDPWD - ok 14:33:26.0238 4960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:33:26.0270 4960 rdyboost - ok 14:33:27.0221 4960 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 14:33:27.0408 4960 RFCOMM - ok 14:33:28.0079 4960 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 14:33:28.0251 4960 RimUsb - ok 14:33:29.0140 4960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:33:29.0296 4960 rspndr - ok 14:33:29.0733 4960 RSUSBSTOR - ok 14:33:30.0950 4960 RTL8167 (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:33:31.0246 4960 RTL8167 - ok 14:33:32.0073 4960 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 14:33:32.0322 4960 s3cap - ok 14:33:32.0790 4960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:33:32.0822 4960 sbp2port - ok 14:33:33.0711 4960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:33:33.0914 4960 scfilter - ok 14:33:34.0460 4960 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 14:33:34.0616 4960 sdbus - ok 14:33:35.0006 4960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:33:35.0130 4960 secdrv - ok 14:33:35.0583 4960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:33:35.0630 4960 Serenum - ok 14:33:36.0051 4960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:33:36.0082 4960 Serial - ok 14:33:36.0566 4960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:33:36.0597 4960 sermouse - ok 14:33:36.0753 4960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:33:36.0940 4960 sffdisk - ok 14:33:37.0424 4960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:33:37.0611 4960 sffp_mmc - ok 14:33:38.0874 4960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:33:39.0842 4960 sffp_sd - ok 14:33:40.0341 4960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:33:40.0372 4960 sfloppy - ok 14:33:40.0809 4960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:33:40.0824 4960 SiSRaid2 - ok 14:33:41.0152 4960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:33:41.0183 4960 SiSRaid4 - ok 14:33:41.0776 4960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:33:41.0870 4960 Smb - ok 14:33:42.0353 4960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:33:42.0384 4960 spldr - ok 14:33:42.0540 4960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:33:42.0650 4960 srv - ok 14:33:42.0790 4960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:33:42.0868 4960 srv2 - ok 14:33:42.0977 4960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:33:43.0336 4960 srvnet - ok 14:33:43.0866 4960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:33:43.0882 4960 stexstor - ok 14:33:44.0397 4960 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys 14:33:44.0615 4960 STHDA - ok 14:33:45.0005 4960 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 14:33:45.0036 4960 storflt - ok 14:33:45.0177 4960 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 14:33:46.0737 4960 storvsc - ok 14:33:47.0111 4960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:33:47.0127 4960 swenum - ok 14:33:47.0454 4960 Synth3dVsc - ok 14:33:48.0156 4960 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys 14:33:48.0250 4960 SynTP - ok 14:33:49.0311 4960 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 14:33:49.0467 4960 Tcpip - ok 14:33:49.0716 4960 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 14:33:49.0779 4960 TCPIP6 - ok 14:33:50.0216 4960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:33:50.0387 4960 tcpipreg - ok 14:33:50.0668 4960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:33:50.0840 4960 TDPIPE - ok 14:33:51.0370 4960 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 14:33:51.0432 4960 TDTCP - ok 14:33:52.0025 4960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:33:52.0134 4960 tdx - ok 14:33:52.0353 4960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:33:52.0384 4960 TermDD - ok 14:33:52.0540 4960 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys 14:33:52.0665 4960 truecrypt - ok 14:33:53.0070 4960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:33:53.0195 4960 tssecsrv - ok 14:33:53.0304 4960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:33:53.0429 4960 TsUsbFlt - ok 14:33:53.0445 4960 tsusbhub - ok 14:33:53.0648 4960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:33:53.0772 4960 tunnel - ok 14:33:53.0882 4960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:33:53.0913 4960 uagp35 - ok 14:33:54.0116 4960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:33:54.0209 4960 udfs - ok 14:33:54.0350 4960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:33:54.0365 4960 uliagpkx - ok 14:33:54.0662 4960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 14:33:54.0802 4960 umbus - ok 14:33:55.0052 4960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:33:55.0083 4960 UmPass - ok 14:33:55.0676 4960 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 14:33:55.0832 4960 usbaudio - ok 14:33:56.0768 4960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:33:56.0970 4960 usbccgp - ok 14:33:58.0312 4960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:33:58.0452 4960 usbcir - ok 14:33:58.0764 4960 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 14:33:58.0936 4960 usbehci - ok 14:33:59.0295 4960 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:33:59.0466 4960 usbhub - ok 14:33:59.0716 4960 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 14:33:59.0747 4960 usbohci - ok 14:34:00.0090 4960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:34:00.0215 4960 usbprint - ok 14:34:00.0761 4960 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:34:00.0917 4960 USBSTOR - ok 14:34:01.0510 4960 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:34:01.0572 4960 usbuhci - ok 14:34:01.0806 4960 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 14:34:01.0900 4960 usbvideo - ok 14:34:01.0947 4960 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 14:34:02.0056 4960 usb_rndisx - ok 14:34:02.0430 4960 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 14:34:02.0462 4960 VBoxNetAdp - ok 14:34:02.0633 4960 VBoxNetFlt - ok 14:34:02.0883 4960 VBoxUSB (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\Windows\system32\Drivers\VBoxUSB.sys 14:34:02.0898 4960 VBoxUSB - ok 14:34:03.0476 4960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:34:03.0491 4960 vdrvroot - ok 14:34:03.0772 4960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:34:03.0912 4960 vga - ok 14:34:04.0053 4960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:34:04.0224 4960 VgaSave - ok 14:34:04.0864 4960 VGPU - ok 14:34:05.0145 4960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:34:05.0176 4960 vhdmp - ok 14:34:05.0441 4960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:34:05.0457 4960 viaide - ok 14:34:05.0691 4960 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 14:34:05.0722 4960 vmbus - ok 14:34:06.0143 4960 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 14:34:06.0393 4960 VMBusHID - ok 14:34:06.0845 4960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:34:06.0876 4960 volmgr - ok 14:34:07.0173 4960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:34:07.0360 4960 volmgrx - ok 14:34:07.0719 4960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:34:07.0766 4960 volsnap - ok 14:34:08.0280 4960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:34:08.0327 4960 vsmraid - ok 14:34:08.0920 4960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 14:34:09.0092 4960 vwifibus - ok 14:34:09.0622 4960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 14:34:09.0965 4960 vwififlt - ok 14:34:10.0293 4960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:34:10.0418 4960 WacomPen - ok 14:34:10.0621 4960 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:34:11.0510 4960 WANARP - ok 14:34:11.0666 4960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:34:11.0728 4960 Wanarpv6 - ok 14:34:12.0196 4960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:34:12.0227 4960 Wd - ok 14:34:12.0508 4960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:34:12.0571 4960 Wdf01000 - ok 14:34:12.0976 4960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:34:16.0783 4960 WfpLwf - ok 14:34:17.0095 4960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:34:17.0126 4960 WIMMount - ok 14:34:17.0672 4960 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS 14:34:17.0859 4960 WINUSB - ok 14:34:18.0467 4960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 14:34:18.0608 4960 WmiAcpi - ok 14:34:19.0013 4960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:34:19.0216 4960 ws2ifsl - ok 14:34:19.0731 4960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 14:34:20.0183 4960 WudfPf - ok 14:34:20.0480 4960 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:34:20.0558 4960 WUDFRd - ok 14:34:20.0636 4960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:34:20.0932 4960 \Device\Harddisk0\DR0 - ok 14:34:20.0932 4960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 14:34:21.0556 4960 \Device\Harddisk1\DR1 - ok 14:34:21.0572 4960 Boot (0x1200) (191c58afcbcc48a0877afcf304945e65) \Device\Harddisk0\DR0\Partition0 14:34:21.0572 4960 \Device\Harddisk0\DR0\Partition0 - ok 14:34:21.0587 4960 Boot (0x1200) (d49058e2d2b9cc411d9d7edcee4aada4) \Device\Harddisk0\DR0\Partition1 14:34:21.0587 4960 \Device\Harddisk0\DR0\Partition1 - ok 14:34:21.0587 4960 Boot (0x1200) (0d62821303dfbe6b60a7014e59e09559) \Device\Harddisk1\DR1\Partition0 14:34:21.0587 4960 \Device\Harddisk1\DR1\Partition0 - ok 14:34:21.0587 4960 ============================================================ 14:34:21.0587 4960 Scan finished 14:34:21.0587 4960 ============================================================ 14:34:23.0943 3576 Deinitialize success ============================================== Last Created System Restore Point ============================================== No restore point in system. ============================================== EOF [b:621797c59f]Stap 2[/b:621797c59f] ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00] Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))) . . 2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter 2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics 2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics 2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll 2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt 2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET 2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech 2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver 2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs 2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox 2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE 2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root 2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android 2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android 2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle 2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java 2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc 2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC 2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations 2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications 2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC 2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind 2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind 2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak 2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox 2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys 2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll 2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll 2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys 2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll 2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll 2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll 2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll 2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll 2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll 2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll 2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe 2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll 2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll 2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 53620504 *Deregistered* - 53620504 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-01 c:\windows\Tasks\SyncBack Monthly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack Nightly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-05 c:\windows\Tasks\SyncBack Weekly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil
  • Het log van ComboFix is niet compleet! Maar doe nu eerst het volgende: [b:87c5b3fca9]Welk programma[/b:87c5b3fca9]: "aswMBR.exe' [b:87c5b3fca9]Waarvoor/waarom[/b:87c5b3fca9]: MBR-Rootkitscanner [b:87c5b3fca9]Moeilijkheidsgraad[/b:87c5b3fca9]: geen [b:87c5b3fca9]Downloadlokatie[/b:87c5b3fca9]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:87c5b3fca9]Download[/b:87c5b3fca9] [b:87c5b3fca9]aswMBR.exe[/b:87c5b3fca9] [url=http://public.avast.com/~gmerek/aswMBR.exe][b:87c5b3fca9]hier[/b:87c5b3fca9][/url]. [b:87c5b3fca9]aswMBR.exe gebruiken[/b:87c5b3fca9]: [list:87c5b3fca9][*:87c5b3fca9]Windows 2000 en Windows XP: start "aswMBR.exe" middels dubbelklik op "aswMBR.exe". [*:87c5b3fca9]Windows Vista en Windows 7: start "aswMBR.exe" middels rechtsklik op "aswMBR.exe" en kies jij voor [b:87c5b3fca9]Als Administrator uitvoeren[/b:87c5b3fca9].[/list:u:87c5b3fca9] [list:87c5b3fca9][*:87c5b3fca9] Klik in het volgende venster op "[b:87c5b3fca9]Nee[/b:87c5b3fca9]"[/list:u:87c5b3fca9] [img:87c5b3fca9]http://www.imgdumper.nl/uploads4/4e4115af00b45/4e4115af00378-aswmbrno.png[/img:87c5b3fca9] [img:87c5b3fca9]http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif[/img:87c5b3fca9] [list:87c5b3fca9][*:87c5b3fca9] Klik nu in het zwarte scherm op de knop [b:87c5b3fca9]Scan[/b:87c5b3fca9] [*:87c5b3fca9] Als de melding "Scan finished successfully" komt, klik dan vervolgens op de knop [b:87c5b3fca9]Save log[/b:87c5b3fca9][/list:u:87c5b3fca9] [img:87c5b3fca9]http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif[/img:87c5b3fca9] [list:87c5b3fca9][*:87c5b3fca9] Het makkelijkst is het, als opslaglokatie voor het log gewoon het bureaublad te kiezen. [*:87c5b3fca9] Tevens vindt je nu op het bureaublad ook het bestand [b:87c5b3fca9]MBR.dat[/b:87c5b3fca9]! [*:87c5b3fca9] [b:87c5b3fca9]MBR.dat[/b:87c5b3fca9] is een backupbestand, bewaar dat dus voorlopig. [*:87c5b3fca9] Ook op het bureaublad staat een kladbloktekst-document genaamd [b:87c5b3fca9]aswMBR.txt[/b:87c5b3fca9][*:87c5b3fca9] Post de inhoud van [b:87c5b3fca9]aswMBR.txt[/b:87c5b3fca9] in jouw volgende bericht.[/list:u:87c5b3fca9] N.B.: zorg er voor dat externe HD's/USB-sticks eerst worden verwijderd.
  • Ik zie het. Ik zal 'm nogmaals plaatsen. Heb eerst aswMBR.exe gedraaid: [b:8b2effef67]aswMBR:[/b:8b2effef67] aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software Run date: 2012-02-12 15:45:47 ----------------------------- 15:45:47.905 OS Version: Windows x64 6.1.7601 Service Pack 1 15:45:47.905 Number of processors: 4 586 0x2502 15:45:47.905 ComputerName: vlindermeisje-LAPTOP UserName: vlindermeisje 15:45:54.098 Initialize success 15:45:55.643 AVAST engine defs: 12021200 15:46:06.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 15:46:06.001 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3 15:46:06.017 Disk 0 MBR read successfully 15:46:06.017 Disk 0 MBR scan 15:46:06.048 Disk 0 Windows 7 default MBR code 15:46:06.063 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 15:46:06.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848 15:46:06.079 Service scanning 15:46:10.353 Modules scanning 15:46:10.353 Disk 0 trace - called modules: 15:46:10.385 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 15:46:10.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800583f060] 15:46:10.400 3 CLASSPNP.SYS[fffff88001b6b43f] -> nt!IofCallDriver -> [0xfffffa80056d9b10] 15:46:10.416 5 hpdskflt.sys[fffff88001b12189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a14050] 15:46:11.711 AVAST engine scan C:\Windows 15:46:15.158 AVAST engine scan C:\Windows\system32 15:49:45.072 AVAST engine scan C:\Windows\system32\drivers 15:50:00.360 AVAST engine scan C:\Users\vlindermeisje 15:59:09.668 AVAST engine scan C:\ProgramData 15:59:49.979 Scan finished successfully 16:00:51.693 Disk 0 MBR has been saved successfully to "C:\Users\vlindermeisje\Desktop\MBR.dat" 16:00:51.708 The log file has been saved successfully to "C:\Users\vlindermeisje\Desktop\aswMBR.txt" [b:8b2effef67]combofix poging 2:[/b:8b2effef67] ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 15:04:21.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.247 [GMT 1:00] Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))) . . 2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter 2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics 2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics 2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll 2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt 2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET 2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech 2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver 2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs 2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox 2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE 2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root 2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android 2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android 2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle 2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java 2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc 2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC 2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations 2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications 2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC 2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind 2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind 2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak 2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox 2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys 2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll 2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll 2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys 2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll 2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll 2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll 2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll 2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll 2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll 2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll 2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe 2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll 2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll 2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 53620504 *Deregistered* - 53620504 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-01 c:\windows\Tasks\SyncBack Monthly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack Nightly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-05 c:\windows\Tasks\SyncBack Weekly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-02-12 15:21:18 ComboFix-quarantined-files.txt 2012-02-12 14:21 . Pre-Run: 11.856.023.552 bytes free Post-Run: 11.786.752.000 bytes free . - - End Of File - - 066145A7AA612E3BB173F290FA2C75B8
  • Er is nog een onderdeel van een vorige Panda installatie in jouw Windows. Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:65aff76428]Kladblok (of Notepad)[/b:65aff76428]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:65aff76428][color=#0000FF:65aff76428]ClearJavaCache:: File:: c:\windows\system32\drivers\pavboot64.sys Driver:: pavboot64[/color:65aff76428][/b:65aff76428] Sla dit kladblokbestand op je bureaublad op als [b:65aff76428]CFScript.txt[/b:65aff76428]. [b:65aff76428][color=#FF0000:65aff76428]Nu eerst de antivirus en eventuele spywarescanners deaktiveren![/color:65aff76428][/b:65aff76428] Sleep CFScript.txt in ComboFix.exe [img:65aff76428]http://crew.nucia.eu/smeenk/CFScript.gif[/img:65aff76428] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix-log dat na het opnieuw starten wordt getoond via de kleurcodeerder! Ingeval Combofix je computer opnieuw heeft opgestart (of jij dat hebt gedaan), vindt je het log ook in [b:65aff76428]C:\Combofix.txt[/b:65aff76428] [b:65aff76428]Belangrijke opmerking[/b:65aff76428]: [list:65aff76428][*:65aff76428][b:65aff76428][color=#FF0000:65aff76428]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:65aff76428][/b:65aff76428] [*:65aff76428][b:65aff76428][color=#0000FF:65aff76428]Illegal operation attempted on a registery key that has been marked for deletion.[/color:65aff76428][/b:65aff76428] [*:65aff76428][b:65aff76428][color=#FF0000:65aff76428]Start dan de computer opnieuw op.[/color:65aff76428][/b:65aff76428][/list:u:65aff76428]
  • Ik heb dat gedaan. Ik snap alleen niet wat je bedoelt met het posten via de kleurcodeerder. Hier de log: ComboFix 12-02-11.03 - vlindermeisje 12-02-2012 16:22:52.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4023.2365 [GMT 1:00] Gestart vanuit: c:\users\vlindermeisje\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\vlindermeisje\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\pavboot64.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\pavboot64.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_pavboot -------\Service_pavboot . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))) . . 2012-02-12 13:30 . 2012-02-12 13:34 -------- d-----w- C:\TDSSStarter 2012-02-12 09:12 . 2012-02-12 09:12 -------- d-----w- c:\users\vlindermeisje\AppData\Local\ElevatedDiagnostics 2012-02-12 09:11 . 2012-02-12 09:11 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Diagnostics 2012-02-11 05:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3446D4C8-1BCA-4F85-B645-B8EDCD456BD4}\mpengine.dll 2012-02-06 20:05 . 2012-02-06 20:05 -------- d-----w- c:\windows\system32\appmgmt 2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\ESET 2012-02-06 19:26 . 2012-02-06 19:26 388096 ----a-r- c:\users\vlindermeisje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-06 19:26 . 2012-02-06 19:26 -------- d-----w- c:\program files (x86)\Trend Micro 2012-02-05 17:48 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-02-05 17:48 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-02-05 17:47 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-02-05 17:47 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-02-05 17:47 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-02-05 17:47 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-02-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-02-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-02-05 16:20 . 2012-02-06 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-02-05 08:34 . 2012-02-05 08:34 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 08:33 . 2012-02-05 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 08:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 14:17 . 2012-02-03 14:17 -------- d-----w- c:\users\vlindermeisje\Logitech 2012-02-03 14:16 . 2012-02-03 14:17 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Logitech 2012-02-03 14:16 . 2012-02-03 14:16 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver 2012-02-03 14:15 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-02-03 14:15 . 2012-02-03 14:15 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-02-03 14:15 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-02-03 14:15 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-02-03 14:15 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-02-03 14:15 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-02-03 14:15 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-02-03 14:15 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-02-03 14:15 . 2012-02-03 14:15 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-01-28 10:20 . 2012-01-28 10:20 -------- d-----w- c:\users\vlindermeisje\VirtualBox VMs 2012-01-28 10:19 . 2012-02-04 16:53 -------- d-----w- c:\users\vlindermeisje\.VirtualBox 2012-01-28 10:18 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-01-28 10:18 . 2012-02-05 16:05 -------- dc----w- c:\windows\system32\DRVSTORE 2012-01-28 10:18 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-01-27 19:25 . 2012-01-27 20:23 -------- d-----w- C:\android_root 2012-01-27 18:18 . 2012-01-27 18:23 -------- d-----w- c:\users\vlindermeisje\.android 2012-01-27 18:17 . 2012-01-27 18:17 -------- d-----w- c:\program files (x86)\Android 2012-01-27 18:16 . 2012-02-05 16:05 -------- d-----w- c:\program files\Oracle 2012-01-27 18:15 . 2011-11-08 18:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-01-27 18:15 . 2011-11-08 18:40 660368 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-27 18:13 . 2012-01-27 18:15 -------- d-----w- c:\program files\Java 2012-01-27 18:13 . 2012-02-06 18:41 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Htc 2012-01-27 18:13 . 2012-01-27 18:14 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\HTC 2012-01-27 18:10 . 2012-01-27 18:10 -------- d-----w- c:\users\vlindermeisje\AppData\Local\Downloaded Installations 2012-01-27 18:09 . 2012-01-27 18:09 -------- d-----w- c:\program files (x86)\Spirent Communications 2012-01-27 18:09 . 2012-01-27 18:12 -------- d-----w- c:\program files (x86)\HTC 2012-01-21 19:04 . 2012-01-25 17:54 -------- d-----w- c:\users\vlindermeisje\.freemind 2012-01-21 19:04 . 2012-01-21 19:04 -------- d-----w- c:\program files (x86)\FreeMind 2012-01-19 12:46 . 2012-01-19 12:46 -------- d-----w- c:\program files (x86)\KeyTweak 2012-01-15 12:07 . 2012-02-12 07:47 -------- d-----r- c:\users\vlindermeisje\Dropbox 2012-01-15 12:05 . 2012-02-12 07:47 -------- d-----w- c:\users\vlindermeisje\AppData\Roaming\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-26 23:52 . 2011-11-05 13:18 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-04 16:02 . 2012-01-04 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-12-19 12:45 . 2011-12-19 12:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys 2011-12-16 21:31 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-12-14 22:26 . 2011-12-14 22:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-12-14 22:26 . 2011-12-14 22:26 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-12-14 22:26 . 2011-12-14 22:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-12-14 22:26 . 2011-12-14 22:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-12-14 22:26 . 2011-12-14 22:26 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-12-14 22:26 . 2011-12-14 22:26 448512 ----a-w- c:\windows\system32\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-12-14 22:26 . 2011-12-14 22:26 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-12-14 22:26 . 2011-12-14 22:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-12-14 22:26 . 2011-12-14 22:26 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-14 22:26 . 2011-12-14 22:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-12-14 22:26 . 2011-12-14 22:26 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 222208 ----a-w- c:\windows\system32\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-12-14 22:26 . 2011-12-14 22:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-12-14 22:26 . 2011-12-14 22:26 160256 ----a-w- c:\windows\system32\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-12-14 22:26 . 2011-12-14 22:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-12-14 22:26 . 2011-12-14 22:26 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-12-14 22:26 . 2011-12-14 22:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-12-14 22:26 . 2011-12-14 22:26 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 12288 ----a-w- c:\windows\system32\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-12-14 22:26 . 2011-12-14 22:26 114176 ----a-w- c:\windows\system32\admparse.dll 2011-12-14 22:26 . 2011-12-14 22:26 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-14 22:26 . 2011-12-14 22:26 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-12-14 22:26 . 2011-12-14 22:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-12-14 22:26 . 2011-12-14 22:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-12-07 21:49 . 2011-12-07 21:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-28 18:01 . 2011-11-05 13:23 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-24 04:52 . 2011-12-14 18:05 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 10:09 . 2011-12-10 18:32 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-11-19 14:58 . 2012-01-11 14:17 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:01 . 2012-01-11 14:17 67072 ----a-w- c:\windows\SysWow64\packager.dll 2011-11-17 06:49 . 2012-01-12 19:50 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2011-11-17 06:49 . 2012-01-12 19:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2011-11-17 06:44 . 2012-01-12 19:50 459232 ----a-w- c:\windows\system32\drivers\cng.sys 2011-11-17 06:41 . 2012-01-11 14:17 1731920 ----a-w- c:\windows\system32\ntdll.dll 2011-11-17 06:35 . 2012-01-12 19:50 395776 ----a-w- c:\windows\system32\webio.dll 2011-11-17 06:35 . 2012-01-12 19:50 136192 ----a-w- c:\windows\system32\sspicli.dll 2011-11-17 06:35 . 2012-01-12 19:50 29184 ----a-w- c:\windows\system32\sspisrv.dll 2011-11-17 06:35 . 2012-01-12 19:50 340992 ----a-w- c:\windows\system32\schannel.dll 2011-11-17 06:35 . 2012-01-12 19:50 28160 ----a-w- c:\windows\system32\secur32.dll 2011-11-17 06:35 . 2012-01-12 19:50 1447936 ----a-w- c:\windows\system32\lsasrv.dll 2011-11-17 06:33 . 2012-01-12 19:50 31232 ----a-w- c:\windows\system32\lsass.exe 2011-11-17 05:38 . 2012-01-11 14:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-11-17 05:35 . 2012-01-12 19:50 314880 ----a-w- c:\windows\SysWow64\webio.dll 2011-11-17 05:34 . 2012-01-12 19:50 224768 ----a-w- c:\windows\SysWow64\schannel.dll 2011-11-17 05:34 . 2012-01-12 19:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2011-11-17 05:28 . 2012-01-12 19:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-02-12_14.17.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-02-12 15:34 33706 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-11-05 13:30 . 2012-02-12 15:34 8662 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1447412775-543404776-4026076476-1000_UserData.bin - 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-12 07:46 . 2012-02-12 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-12 15:32 . 2012-02-12 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-02-11 21:07 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-12 15:31 480184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-05 14:59 . 2012-02-12 15:31 33839820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1447412775-543404776-4026076476-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-10 738168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\users\vlindermeisje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-11 1038088] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 13:24] . 2012-02-01 c:\windows\Tasks\SyncBack Monthly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack Nightly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-11 c:\windows\Tasks\SyncBack School_dropbox.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . 2012-02-05 c:\windows\Tasks\SyncBack Weekly.job - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2011-11-05 14:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\vlindermeisje\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-12-09 611896] "combofix"="c:\combofix\CF29422.3XE" [2010-11-20 345088] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\vlindermeisje\AppData\Roaming\Mozilla\Firefox\Profiles\aenfudpd.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Voltooingstijd: 2012-02-12 16:48:35 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-12 15:48 ComboFix2.txt 2012-02-12 14:21 . Pre-Run: 11.831.844.864 bytes free Post-Run: 11.630.362.624 bytes free . - - End Of File - - 0EBA08F9DC28C32FA252D84CF9B531A3
  • Hoe heeft jouw Windows op de laatste ComboFixscan gereageerd?
  • Geen echte verandering. Virusscanner wordt op dit moment wel herkend door Windows (maar hiervoor ook af en toe dus weet nog niet of dat is opgelost). Hij blijft echter (ongeveer 75% van de tijd) ontzettend traag. Op dit moment is hij ook erg traag en zit op de 94 tot 99% physical memory use.
  • Dan gaan we naar de volgende stap: Download de [b:979c725642][url=http://download11.emsisoft.com/EmsisoftEmergencyKit.zip][color=#FF0000:979c725642]Emsisoft Emergency Kit[/color:979c725642][/url][/b:979c725642] naar het bureaublad en pak het [b:979c725642]ZIP[/b:979c725642] bestand uit. [list:979c725642] [*:979c725642] Open de map "[b:979c725642]EmsisoftEmergencyKit[/b:979c725642]" en dubbelklik op "[b:979c725642]Start.exe[/b:979c725642]" [*:979c725642] Klik nu op "[b:979c725642]Emergency Kit Scanner[/b:979c725642]" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "[b:979c725642]Ja[/b:979c725642]" [img:979c725642]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg[/img:979c725642] [*:979c725642] Als de update gereed is en de melding "[b:979c725642]Update process is succesvol afgerond[/b:979c725642]" verschijnt klikt u op "[b:979c725642]menu[/b:979c725642]" en dan op "[b:979c725642]Scan PC[/b:979c725642]" [*:979c725642] Selecteer de optie "[b:979c725642]Diep[/b:979c725642]" als deze niet standaard al zo is ingesteld. [*:979c725642] Klik Nu op de knop "[b:979c725642]Scan[/b:979c725642]" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af. [*:979c725642] Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is. Opmerking: Als u deze melding ziet. [b:979c725642]C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK [/b:979c725642] Wanneer het bestand in het venster met scanresultaten staat kun je rechtsklikken op die detectie en kiezen voor [b:979c725642] "Versturen als vals alarm (False Positive)".[/b:979c725642] [*:979c725642] Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "[b:979c725642]verwijder geselecteerde[/b:979c725642]" u zal nu de volgende melding krijgen maar klik hier op "[b:979c725642]Ja[/b:979c725642]" [img:979c725642]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg[/img:979c725642] [*:979c725642] Als het verwijderen gereed is klikt u op de knop "[b:979c725642]View report[/b:979c725642]" en selecteert u het tekstbestand van deze scan met de naam zoals: [b:979c725642]a2scan_110730-111615.txt[/b:979c725642] [*:979c725642] Plaats de inhoud van dit LOG bestand straks in uw volgende bericht. [*:979c725642] Herstart nu de computer.[/list:u:979c725642]
  • Hier is de log: Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 12-2-2012 20:44:50 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 12-2-2012 20:45:23 C:\Users\vlindermeisje\Documents\Backups\Desktop\B&w\Black And White - Keygen.exe Ontdekt: Riskware.Keygen.BlackAnd.White!IK Gescand Bestanden: 1150982 Sporen: 404391 Cookies: 147 Processen: 59 Gevonden Bestanden: 1 Sporen: 0 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 13-2-2012 0:23:10 Scantijd: 3:37:47
  • Heb zojuist weer melding gekregen dat virusscanner en Windows Defender zijn uitgeschakeld. Ook dat is dus nog steeds aanwezig.
  • Dat je in ieder geval een keygen hebt gebruikt, zegt al veel over de problemen! [b:c29fae96bf][url=http://www.eset.com/onlinescan/]de ESET online scan (Klik).[/url][/b:c29fae96bf] [list:c29fae96bf] [*:c29fae96bf]Klik op de knop [b:c29fae96bf]ESET Online Scanner[/b:c29fae96bf] [*:c29fae96bf]Zet een vinkje bij [b:c29fae96bf]YES, I accept the Terms of Use[/b:c29fae96bf] [*:c29fae96bf]Klik op [b:c29fae96bf]Start[/b:c29fae96bf] [*:c29fae96bf]Sta het ActiveX control toe om te installeren. [*:c29fae96bf]Zet een vinkje bij de volgende opties: [list:c29fae96bf][*:c29fae96bf][b:c29fae96bf]Remove found threats[/b:c29fae96bf] [*:c29fae96bf][b:c29fae96bf]Scan archives[/b:c29fae96bf][/list:u:c29fae96bf] [*:c29fae96bf]Klik vervolgens op [b:c29fae96bf][color=#0000FF:c29fae96bf]"Advanced Settings"[/color:c29fae96bf][/b:c29fae96bf] [list:c29fae96bf][*:c29fae96bf][b:c29fae96bf]Scan for potentially unwanted applications[/b:c29fae96bf] [*:c29fae96bf][b:c29fae96bf]Scan for potentially unsafe applications[/b:c29fae96bf] [*:c29fae96bf][b:c29fae96bf]Enable Anti-Stealth technology [/b:c29fae96bf][/list:u:c29fae96bf] [*:c29fae96bf]Klik op [b:c29fae96bf]Start[/b:c29fae96bf] [*:c29fae96bf]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld. [*:c29fae96bf]is de scan klaar, daarna mag jij het venster sluiten omdat de scan klaar is. [*:c29fae96bf]Ga vervolgens naar C:\Program Files\ESET\ESET Online Scanner en klik daar op log.txt [*:c29fae96bf]Selekteer, kopieer en plak dan de inhoud van dit log in je volgende bericht.[/list:u:c29fae96bf] [color=#0000FF:c29fae96bf][b:c29fae96bf]N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller![/b:c29fae96bf][/color:c29fae96bf]
  • Ik denk dat dat wel meevalt. Die keygen is van minstens 2 jaar geleden (wist niet eens dat hij er nog op stond, zal met een back-up mee zijn gegaan) en heb ik op deze installatie (2 maanden oud) niet gebruikt. Ik kan me dus niet voorstellen dat deze spontaan na meer dan 2 jaar opeens problemen oplevert. Maar kan me natuurlijk vergissen. ;-) ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=13a10c0234825842bf34666a9b471ed6 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-02-14 12:06:30 # local_time=2012-02-14 01:06:30 (+0100, W. Europe Standard Time) # country="Netherlands" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 613509 613509 0 0 # compatibility_mode=5893 16776573 100 94 7529 80796165 0 0 # compatibility_mode=8192 67108863 100 0 612039 612039 0 0 # scanned=273242 # found=0 # cleaned=0 # scan_time=11675
  • Hoi vlindermeisje, wat betreft je opmerking over die keygen: ik ben blij dat je deze niet gebruikt gebruikt hebt. Verwijder dan ook die bestanden met die keygen volledig. En gebruik verder ook geen keygens, cracks enz., om op die wijze niet bloot te staan aan besmettingen in Windows! Een opmerking: Windows Defender is niet noodzakelijk bij gebruik van Avast! [color=#0000FF:50d956f995][b:50d956f995]Windows Defender deaktiveren[/b:50d956f995][/color:50d956f995] Daarvoor ga je naar "Start\Uitvoeren" en de opdracht luidt: [b:50d956f995]services.msc[/b:50d956f995]. Klik op de knop OK. N.B.: Uitvoeren kan ook gestart worden door gelijktijdig de "Windowstoets + R-toets" in te drukken. In het venster Services scroll je naar [b:50d956f995][color=#0000FF:50d956f995]Windows Defender[/color:50d956f995][/b:50d956f995]. Dubbelklikk op die vermelding, bij "Opstarttype" zet je de instelling op "Gedeaktiveerd". Klik nu eerst op de knop [b:50d956f995]Toepassen[/b:50d956f995]; vervolgens klik je op de knop [b:50d956f995]Stoppen[/b:50d956f995], wacht even en klik uiteindelijk op [b:50d956f995]OK[/b:50d956f995]. Daarna mag je het venster Services weer sluiten. Wat betreft Avast. mogelijk is Avast beschadigd. Installeer Avast dan ook opnieuw; het kan zijn dat je daarvoor eerst Avast moet deïnstalleren. [url=http://www.av.eu/nl/avast_antivirus_producten/avast_Free_Antivirus/][b:50d956f995]Downloadlink Avast 6 Free[/b:50d956f995][/url]
  • Deze heb ik inderdaad ondertussen verwijderd, ook van al mijn back-ups. Keygens ben ik inderdaad al een flinke tijd van afgestapt. Ik heb Windows Defender gedeactiveerd. Avast had ik al opnieuw geinstalleerd voor het plaatsen van dit topic maar ik zal dit voor de zekerheid nogmaals proberen.
  • Post maar een nieuw Hijack This-log.
  • Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:04:05, on 16-2-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Users\vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\TrueCrypt\TrueCrypt.exe C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1447412775-543404776-4026076476-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = vlindermeisje\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12113 bytes
  • Ziet er goed uit, alleen Avast webrep mis ik. Ondervindt jij nog problemen? Zoja, welke precies?
  • Nog steeds dezelfde problemen (traag, bijna 100 procent memory-use) en een nieuw probleem. Ik krijg bij het intypen van CTRL-ALT-DEL sinds gisteren de melding: "the logon process was unable to display security and logon options when CTRL + ALT + DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch." Begin me af te vragen of m'n laptop niet gewoon defect is. Melding nog niet kunnen googlen want ik ben een chkdsk aan het doen en typ dit op een kleine telefoon.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.